chore(deps): update dependency caddyserver/caddy to v2.3.0 #7
This PR contains the following updates:
v2.2.1 -> v2.3.0
Release Notes
caddyserver/caddy
v2.3.0
Caddy 2.3 is the first web server to be able to get certificates from multiple issuers (for redundancy)! We've also optimized several things for large-scale deployments, as there are businesses using Caddy to serve tens of thousands of sites per instance.
The main highlights of this release include:
Multi-issuer support. Caddy can now get certificates from multiple issuers for redundancy; if one fails, another will be tried. Caddy's new defaults are Let's Encrypt and ZeroSSL. You can customize these, including adding local/self-signed certificates as a last resort if desired. Caddy is the first web server to support multiple issuers, offering unrivaled reliability for your site's HTTPS. It is the first ACME client to support multiple CA fallbacks.
Improved on-demand TLS. On-demand TLS is an operating mode by which certificate obtain/renew operations are triggered on a TLS handshake that requires them, rather than happening at config-load time. We've moved a lot of the processing to the background where possible (e.g. when an existing certificate is still usable) so more connections will finish their handshakes faster, and fewer handshakes will fail (however, you still need to watch the logs and fix the errors before it's too late). Several businesses we know of currently rely on this unique feature at a scale of tens of thousands of sites.
Support for alternate certificate chains. You can now customize which certificate chains to download from ACME servers that offer more than one.
New map handler is ready for production use. (Caddyfile docs) It's been in Caddy for a few versions now but it's finally ready for production, with enhanced efficiency and functionality. We have been using this handler with a customer in production for a while now, on an instance that is handling thousands of sites.
Customize servers and listeners with the Caddyfile. The Caddyfile structure is oriented around sites for convenience, so customizing servers has not been possible until now. You can now use global options to configure servers and their listeners (for example, protocol options, socket read options, and more) without having to use JSON config.
Of course, there are also numerous bug fixes and other enhancements, including bringing more configuration options into the Caddyfile. Thank you to everyone who contributed code, code reviews, or participated in the pre-releases.
There are a couple of minor breaking changes, but one was not documented and the other has always been an experimental feature:
⚠️ The remote_ip matcher no longer reads the X-Forwarded-For header by default. This was undocumented behavior, and an unsafe default. If you happened to be relying on this, please enable forwarded (in the Caddyfile, just put forwarded as the first argument before the ranges) to maintain that behavior. Remember that headers are very easy to spoof.
⚠️ The experimental_http3 global option in the Caddyfile has been replaced with global server options, one of which is the experimental_http3 protocol. Docs will be updated shortly. This is still an unstable feature until HTTP/3 is finalized and our upstream QUIC/H3 lib is stable and we've decided to keep HTTP/3 enabled in the core by default.
Along with this release, we've taken the opportunity to consolidate our documentation regarding getting/installing Caddy. There is no more /docs/download page, instead it was combined with /docs/install which better organizes the various official and unofficial ways to get Caddy. (To be clear, our download page at /download is still available.) Also, we started using Cloudsmith for our Debian packaging -- they're donating this service to our open source project and their team has been a pleasure to work with.
This release is the work of at least 20 contributors. Thank you!
Changelog
c5197f5 acme_server: fix reload of acme database (#3874)
06ba006 acme_server: switch to bbolt storage (#3868)
7a3d9d8 basicauth: Minor internal improvements (#3861)
937ec34 caddyauth: Prevent user enumeration by timing
4cff36d caddyauth: Use buffered channel passed to signal.Notify (#3895)
3d0e046 caddyauth: Use structured log
c6dec30 caddyfile: Add support for env var defaults; add tests (#3682)
635f075 caddyfile: Fix minor bug in formatter
63bda6a caddyhttp: Clean up internal auto-HTTPS redirect code
b8a799d caddyhttp: Document that remote_ip reads X-Forwarded-For header
4fc5707 caddyhttp: Fix header matcher when using nil
966d5e6 caddyhttp: Merge header matchers in Caddyfile (#3832)
b4f49e2 caddyhttp: Merge query matchers in Caddyfile (#3839)
1438e4d caddyhttp: New idle_timeout default of 5m
9157051 caddyhttp: Optimize large host matchers
deedf8a caddyhttp: Optionally use forwarded IP for remote_ip matcher
349457c caddyhttp: Return error if error handling error
b0f8fc7 caddytls: Configure trusted CAs from PEM files (#3882)
e384f07 caddytls: Improve alt chain preference settings
95af426 caddytls: Support ACME alt cert chain preferences
13781e6 caddytls: Support multiple issuers (#3862)
e7a5a38 cmd: add ability to read config from stdin (#3898)
eda9a1b fastcgi: Add timeouts support to Caddyfile adapter (#3842)
6e9ac24 fastcgi: Set PATH_INFO to file matcher remainder as fallback (#3739)
7d7434c fileserver: Add debug logging
d8bcf5b fileserver: Fix "go up" links in browse listings (closes #3942)
8d038ca fileserver: Improve and clarify file hiding logic (#3844)
0a7721d fileserver: Preserve transformed root (fix #3838)
b6e96d6 go.mod: Update CertMagic
a748151 go.mod: Update CertMagic (fix #3911)
1e480b8 go.mod: update quic-go to v0.19.2 (#3880)
5643dc3 go.mod: update quic-go to v0.19.3 (#3901)
31fbcd7 go.mod: Upgrade some dependencies
a26f70a headers: Fix Caddyfile parsing with request matcher (#3892)
b0d5c2c headers: Support default header values in Caddyfile with '?' (#3807)
7c28ecb httpcaddyfile: Add certificate_pem placeholder short, add to godoc (#3846)
3cfefeb httpcaddyfile: Configure servers via global options (#3836)
7e71915 httpcaddyfile: Decrement counter when removing conn policy (fix #3906)
03d853e httpcaddyfile: Fix test on Windows
b6686a5 httpcaddyfile: Improve AP logic with OnDemand
63afffc httpcaddyfile: Proper log config with catch-all blocks (fix #3878)
db4f1c0 httpcaddyfile: Revise automation policy generation (#3824)
c898a37 httpcaddyfile: support matching headers that do not exist (#3909)
dd26875 logging: Fix for IP filtering
ebc278e metrics: allow disabling OpenMetrics negotiation (#3944)
670b723 requestbody: Add Caddyfile support (#3859)
99b8f44 reverse_proxy: Fix random_choose selection policy (#3811)
4a641f6 reverseproxy: Add Caddyfile scheme shorthand for h2c (#3629)
b660993 reverseproxy: Add max_idle_conns_per_host; fix godocs (#3829)
53aa60a reverseproxy: Handle "operation was canceled" errors (#3816)
6e0849d reverseproxy: Implement cookie hash selection policy (#3809)
9605853 reverseproxy: Logging for streaming and upgrades (#3689)
132525d reverseproxy: Minor lint fixes
860cc6a reverseproxy: Wire up some http transport options in Caddyfile (#3843)
c9fdff9 reverseproxy: caddyfile: Don't add port if upstream has placeholder (#3819)
6ea6f3e reverseproxy: fix random hangs on http/2 requests with server push (#3875)
Renovate configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.
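The remote_ip breaking change in the release notes above, as an added example that is not part of the PR or of Caddy's code: a simplified Go model of an IP allowlist matcher, showing why reading X-Forwarded-For by default was an unsafe default. The ipMatcher type, the decide helper, the rule of taking the first header entry, and the sample addresses are all assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// ipMatcher models an IP allowlist matcher (hypothetical, not Caddy's code).
type ipMatcher struct {
	allowed   *net.IPNet
	forwarded bool // true = trust the first X-Forwarded-For entry (assumed rule)
}

// clientIP returns the address the allowlist is evaluated against.
func (m ipMatcher) clientIP(r *http.Request) net.IP {
	if m.forwarded {
		if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
			return net.ParseIP(strings.TrimSpace(strings.Split(xff, ",")[0]))
		}
	}
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr
	}
	return net.ParseIP(host)
}

func (m ipMatcher) Match(r *http.Request) bool {
	ip := m.clientIP(r)
	return ip != nil && m.allowed.Contains(ip)
}

// decide builds a constructed request (peer = TCP source, xff = client-sent header).
func decide(cidr, peer, xff string, forwarded bool) bool {
	_, n, err := net.ParseCIDR(cidr)
	if err != nil {
		return false
	}
	r, _ := http.NewRequest("GET", "http://example.test/admin", nil)
	r.RemoteAddr = peer
	r.Header.Set("X-Forwarded-For", xff)
	return ipMatcher{n, forwarded}.Match(r)
}

func main() {
	fmt.Println("peer address only:", decide("10.0.0.0/8", "203.0.113.7:51000", "10.1.2.3", false))
	fmt.Println("forwarded enabled:", decide("10.0.0.0/8", "203.0.113.7:51000", "10.1.2.3", true))
}
```

With the header ignored, the allowlist is decided by the TCP peer address; with forwarded enabled, it is decided by a value the client supplies, so that mode is only sound behind a proxy that overwrites the header.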