Hotfix for the Caddyfile detection regression in v2.8.2. The v2.8.3 tag was mistakenly made on the wrong commit and is skipped.
Changelog
7088605c cmd: fix regression in auto-detect of Caddyfile (#6362)
v2.8.2
A few more fixes of reported bugs related to ARI, try_files with the root path (/), and Caddyfile adapter detection on the CLI. See 2.8.0 release notes for details on 2.8.
Changelog
01308b4b I'm so tired of typos
a63767d3 build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361)
f8a2c602 caddyhttp: properly sanitize requests for root path (#6360)
Quick fixes for a few users related to directory permissions and matcher parsing.
Changelog
40c582ce caddyhttp: Fix merging consecutive client_ip or remote_ip matchers (#6350)
a52917a3 core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)
v2.8.0
Caddy 2.8 is here! With hundreds of improvements, Caddy is more scalable and capable than ever before. Featuring ACME Renewal Information (ARI) support, HTTP/3 to proxy backends, and so much more than we can list in a sentence, we are pleased to bring you one of the biggest Caddy updates yet. Documentation on our website will be updated in the coming days.
We've implemented a ton of improvements, fixes, and awesome new features based on your feedback. While some of them aren't particularly visible changes, they allow Caddy to scale better and be more reliable in demanding deployments. Many of the changes are quality-of-life improvements we hope you'll appreciate. Then there's improvements to ACMEz, CertMagic, and other dependencies which make Caddy better that may not show up in this list.
There was a lot of code that had been documented as deprecated in place for a long time, so this version introduces a few more breaking changes than usual; please review the notes below.
Thank you to our sponsors and everyone in the community who contributed -- over 40 of you made your first contribution for this release. We couldn't have done it without your help. In particular, we'd like to recognize sponsors Stripe, Framer, and ZeroSSL for their positive influence which have greatly enhanced the project. Caddy 2.8 is already being used in our sponsors' large-scale, multi-region production deployments.
Want to join those ranks? Sponsor the Caddy project and benefit from development priority, dedicated private support, and much more.
As with any server upgrades, please be sure to test and validate your configurations in a staging or test environment before deploying to production. Thank you and have a great day!
:warning: Breaking changes:
ZeroSSL (#6229) (this is one overall change, but requires some explanation):
Up to now, Caddy used both Let's Encrypt and ZeroSSL by default to get certificates without any configuration. In 2.8, this is changing slightly. Due to upcoming changes to ZeroSSL accounting policies, ZeroSSL now requires your email address to be able to access their free ACME endpoint.
As such, Caddy will only implicitly add the ZeroSSL issuer to your config if you provide an email address in your Caddyfile using the email global option. (We have already recommended this for years.) If you already do this, you don't have to make any changes and you'll still get Let's Encrypt and ZeroSSL automatically as defaults.
The zerossl issuer module is no longer ACME-capable and is now exclusively for the ZeroSSL API. An API key from your ZeroSSL account is required. (The ZeroSSL ACME server can still be used with the acme module pointed to ZeroSSL's ACME server. You can provide your account email and/or EAB as well.) If you were using the ZeroSSL issuer with an API key, it will now start using ZeroSSL's API, which was probably the expected behavior anyways. The API has several advantages over the ACME endpoint, but may require payment:
Faster response times
IP certificates
Management tools in your ZeroSSL account dashboard
... (truncated)
Commits
7088605 cmd: fix regression in auto-detect of Caddyfile (#6362)
15faeac cmd: fix auto-detetction of .caddyfile extension (#6356)
f8a2c60 caddyhttp: properly sanitize requests for root path (#6360)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/caddyserver/caddy/v2 from 2.7.6 to 2.8.4.
Release notes
Sourced from github.com/caddyserver/caddy/v2's releases.
... (truncated)
Commits
7088605cmd: fix regression in auto-detect of Caddyfile (#6362)15faeaccmd: fix auto-detetction of .caddyfile extension (#6356)f8a2c60caddyhttp: properly sanitize requests for root path (#6360)01308b4I'm so tired of typosb7280e6caddytls: Implement certmagic.RenewalInfoGettera63767dbuild(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361)40c582ccaddyhttp: Fix merging consecutiveclient_iporremote_ipmatchers (#6350)a52917acore: MkdirAll appDataDir in InstanceID with 0o700 (#6340)e6f46c8acmeserver: Addsign_with_rootfor Caddyfile (#6345)f6d2c29caddyfile: Reject global request matchers earlier (#6339)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show