We're pleased to present Caddy 2.7, which makes significant strides in areas of scaling, performance, and niche features.
Special thank-you to @francislavoie, @Mohammed90, and other core team members for the ongoing dedication of their time to help maintain the project and help in our forums.
And a big thank-you to everyone else who contributed! You're awesome, and we're glad this project has so many contributors and sponsors to make it possible.
Highlights
- The in-memory TLS certificate cache is no longer purged and recreated during config reloads, making reloads extremely lightweight even when managing thousands of certificates.
- Significant HTTP/3 performance improvements (upstream in quic-go) including enabling 0-RTT. Caddy users should notice significantly better throughput for HTTP/3. Thanks for the fantastic work, @marten-seemann!
- New default template for the file server's "browse" listings - more modern, easier to use, grid view, filetype-specific icons, and better dark mode (see #5427 for more screenshots and info)
- The reverse proxy now supports the PROXY protocol. Using external modules is no longer required; specifically, the plugin by @mastercactapus is now built-in. (#5424)
- Caddyfile now supports Heredoc syntax for long embedded strings/documents. (#5385)
- @francislavoie implemented a suite of enhancements to bring you more reliable, trustworthy client IP information, even through proxies and CDNs (#5104)
- Certificate private keys will no longer be reused when renewing certificates.
- Caddyfile import arg placeholders support slice syntax, e.g. {args[2:]} (#5249)
- Customizable "fallback" policy for reverse proxy in case the primary policy isn't applicable. (#5488)
- Etags are generated more sensibly for NixOS environments which all have Modified time of 1; and if you set your own Etag, it will not be overwritten.
- EXPERIMENTAL: New short flags for the CLI. (#5379)
- EXPERIMENTAL: The reverse proxy may be configured to keep hijacked connections (streams, WebSockets, etc.) open through config reloads. (#5567)
- EXPERIMENTAL: Define "named routes" to reuse them without copying. Caddyfile snippets are useful for reusing config, but reusing the same HTTP routes involves lots of copied config and memory bloat. Named routes let you define a route once and reuse it throughout your HTTP server without copying. It is available for JSON and Caddyfile configs. (#5107)
- EXPERIMENTAL: You can specify permissions for unix sockets. (#4741)
- Many many bug fixes you may or may not notice :upside_down_face:
Deprecations and possible breaking changes for some:
- :warning: The ask endpoint is now required to enable On-Demand TLS (b97c76fb4789b8da0b80f5a2c1c1c5bebba163b5) for catch-all or wildcard hosts. Our docs have always mentioned this is required in production environments, but now the code enforces it. The ask endpoint is not required for local-only or internal-only names (#5384 and a7af7c486e5240da974e02b7dfee9d265aaa654a).
- :warning: The long-deprecated lookup_srv feature of the reverse proxy has been removed. It was replaced with the dynamic upstreams feature in 2.6. (#5396)
- :warning: The remote_ip forwarded matcher has been deprecated because it assumes trusting downstream proxies. Instead, the client_ip matcher should be used along with trusted_proxies configuration. (#5103 and #5104)
- :warning: Placeholder syntax {args.0} is now deprecated in favor of {args[0]}.
Thank you to everyone who contributed! And thank you to our sponsors who truly make this project possible.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/caddyserver/caddy/v2 from 2.6.4 to 2.7.1.
Release notes
Sourced from github.com/caddyserver/caddy/v2's releases.
... (truncated)
Commits
- 4aa4f3a httpcaddyfile: Fix `string does not match ~[]E` error (#5675)
- 1913930 encode: Fix infinite recursion (#5672)
- cd486c2 caddyhttp: Make use of `http.ResponseController` (#5654)
- e198c60 go.mod: Upgrade dependencies esp. smallstep/certificates
- f66493e core: Allow loopback hosts for admin endpoint (fix #5650) (#5664)
- 5c51c1d httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#...
- da23501 reverseproxy: Connection termination cleanup (#5663)
- 94749e1 go.mod: Use quic-go 0.37.1
- d7d1636 reverseproxy: Export ipVersions type (#5648)
- 4df27a2 go.mod: Use latest CertMagic (v0.19.1)