Releases: caddyserver/caddy
v2.4.0-beta.2
The beta channel marches on for 2.4 with beta 2. In addition to the changes/additions/improvements from the previous beta, this release includes:
(Please see release notes for v2.4 stable for highlights.)
Changelog
a87f757 .gitignore: add IDE files (#4087)
28a4159 CONTRIBUTING: fix spelling (#4070)
aac1ccf caddy: Add InstanceID() method
ec3ac84 caddy: Support SetReadBuffer and SyscallConn for QUIC (fix #3998)
2a127ac caddyconfig: add global option for configuring loggers (#4028)
d63d5ae caddyhttp: improve grammar of comment for AllowH2C (#4072)
ec309c6 caddypki: Add SignWithRoot option for ACME server
f6bb02b caddytls: Remove old asset migration code (close #3894)
911c8a3 cmd: Use formatted logger for config adapter warnings (#4080)
87fbc07 cmd: main: fix minor doc typos (#4082)
a8fdc0a core: Initialize logging before admin
f35a7fa encode,staticfiles: Content negotiation, precompressed files (#4045)
0018b9b fileserver: Add a few more debug lines (#4063)
a48c620 fileserver: Browse listing supports dark mode (#4066)
5bf0a55 fileserver: Don't replace in request paths (fix #4027)
427bbe9 go.mod: Latest CertMagic (updated libdns conventions)
1c8ea00 go.mod: Migrate to golang.org/x/term (#4073)
a0a7c60 go.mod: Use latest CertMagic
f1c3668 headers: Fix Caddyfile parsing for request_header with matchers (#4085)
0d7fe36 httpcaddyfile: Add error directive for the existing handler (#4034)
bafb562 httpcaddyfile: Configure other apps from global options (#3990)
edb362a httpcaddyfile: Fix catch-all site block sorting
f137b82 logging: add replace filter for static value replacement (#4029)
802f80c map: Accept regex substitution in outputs (#3991)
6722ae3 reverseproxy: Add duration/latency placeholders (close #4012) (#4013)
ce5a093 reverseproxy: Fix round robin data race (#4038)
51f35ba reverseproxy: Fix upstreams with placeholders with no port (#4046)
75f797d reverseproxy: Implement health_uri, deprecate health_path, supports query (#4050)
bd357bf reverseproxy: Set cookie path to / when using cookie lb_policy (#4096)
ad8d01c rewrite: Implement regex path replacements
a6bc581 sigtrap_posix: add missing comma to SIGTERM info (#4078)
v2.4.0-beta.1
"Surprise, surprise, surprise!" (Do you know which classic TV character that quote is from?) We've made a lot of progress on new features since v2.3, and all the major work slated for v2.4 is already done!
This is a preview release. There's still some fine-tuning we need to do which is delaying the release candidates, but I wanted to roll out some of the exciting improvements early so you can start testing them. As far as I can tell, this tag is relatively stable. However, please expect bugs; though I bet most of them will be minor or limited to edge cases.
Documentation will be updated in the coming weeks. Until then, please refer to individual commits/issues (below) and the code base directly (it is easy to search and read) for docs. We're happy to help on our forums too.
For highlights, see release notes for v2.4.0 stable.
Many other things have been added, changed, or improved as well. See all the commits for details.
Please give this a try in low-risk environments as soon as you can, and we'll be able to ship a better v2.4 stable!
Changelog
bf50d70 acmeserver: Support custom CAs from Caddyfile
ab80ff4 admin: Identity management, remote admin, config loaders (#3994)
3366384 caddycmd: Add upgrade command (#3972)
c8557dc caddyfile: Introduce basic linting and fmt check (#3923)
f021696 caddyfile: Refactor unmarshaling of module tokens
8ec90f1 caddyhttp: Check for invalid subdirectives of static_response
bef80cd caddyhttp: Fix redir html status code, improve flow (#3987)
e2c5c28 caddyhttp: Implement handler abort; new 'abort' directive (close #3871) (#3983)
cc63c58 caddyhttp: Support placeholders in header matcher values (close #3916)
160d199 caddytest: Update Caddyfile tests for formatting, HTTP-only blocks
09432ba caddytls: Configurable OCSP stapling; global option (closes #3714)
51e3fdb caddytls: Save email with account if not already specified
8b6fdc0 caddytls: add 'key_type' subdirective (#3956)
2772ede cmd: Add --force flag to reload command (close #4005)
ed67823 cmd: Clean up build-info and upgrade output
59071ea cmd: Implement sd_notify() to notify systemd about readiness (#3963)
144b65c cmd: Organize list-modules output; --packages flag (#3925)
8f6f986 cmd: Print more detailed version with --environ
b1bec8c go.mod: Update CertMagic and acmez (improved IDN support)
8c29129 httpcaddyfile: Add resolvers subdir of tls (close #4008)
7846bc1 httpcaddyfile: Adjust iterator when removing AP (fix #3953)
653a0d3 httpcaddyfile: Fix automation policies
90284e8 httpcaddyfile: Fix default issuers when email provided
d68cff8 httpcaddyfile: Skip TLS APs for HTTP-only hosts (fix #3977)
55e49ff httpcaddyfile: Sort catch-all site blocks properly (fix #4003)
c2b91db httpcaddyfile: Support repeated use of cert_issuer global option
c986110 httpcaddyfile: Warn if site address uses unspecified IP (close #4004)
ef54483 logging: Remove logfmt encoder (close #3575)
58e83a8 map: Add missing json struct tag
3c9256a reverseproxy: Caddyfile health check headers, host header support (#3948)
5ef76ff reverseproxy: Response buffering & configurable buffer size
88a38bd rewrite: Use RawPath instead of Path (fix #3596) (#3918)
14f50d9 templates: Add fileExists and httpError template actions
v2.3.0
Caddy 2.3 is the first web server to be able to get certificates from multiple issuers (for redundancy)! We've also optimized several things for large-scale deployments, as there are businesses using Caddy to serve tens of thousands of sites per instance.
The main highlights of this release include:
- Multi-issuer support. Caddy can now get certificates from multiple issuers for redundancy; if one fails, another will be tried. Caddy's new defaults are Let's Encrypt and ZeroSSL. You can customize these, including adding local/self-signed certificates as a last resort if desired. Caddy is the first web server to support multiple issuers, offering unrivaled reliability for your site's HTTPS. It is the first ACME client to support multiple CA fallbacks.
- Improved on-demand TLS. On-demand TLS is an operating mode by which certificate obtain/renew operations are triggered on a TLS handshake that requires them, rather than happening at config-load time. We've moved a lot of the processing to the background where possible (e.g. when an existing certificate is still usable) so more connections will finish their handshakes faster, and fewer handshakes will fail (however, you still need to watch the logs and fix the errors before it's too late). Several businesses we know of currently rely on this unique feature at a scale of tens of thousands of sites.
- Support for alternate certificate chains. You can now customize which certificate chains to download from ACME servers that offer more than one.
- New map handler is ready for production use. (Caddyfile docs) It's been in Caddy for a few versions now but it's finally ready for production, with enhanced efficiency and functionality. We have been using this handler with a customer in production for a while now, on an instance that is handling thousands of sites.
- Customize servers and listeners with the Caddyfile. The Caddyfile structure is oriented around sites for convenience, so customizing servers has not been possible until now. You can now use global options to configure servers and their listeners (for example, protocol options, socket read options, and more) without having to use JSON config.
Of course, there are also numerous bug fixes and other enhancements, including bringing more configuration options into the Caddyfile. Thank you to everyone who contributed code, code reviews, or participated in the pre-releases.
There are a couple of minor breaking changes, but one was not documented and the other has always been an experimental feature:
- ⚠️ The remote_ip matcher no longer reads the X-Forwarded-For header by default. This was undocumented behavior, and an unsafe default. If you happened to be relying on this, please enable forwarded (in the Caddyfile, just put forwarded as the first argument before the ranges) to maintain that behavior. Remember that headers are very easy to spoof.
- ⚠️ The experimental_http3 global option in the Caddyfile has been replaced with global server options, one of which is the experimental_http3 protocol. Docs will be updated shortly. This is still an unstable feature until HTTP/3 is finalized and our upstream QUIC/H3 lib is stable and we've decided to keep HTTP/3 enabled in the core by default.
- ⚠️ The "issuer" field in TLS automation policies is deprecated and will be removed in the future, please switch to "issuers".
Along with this release, we've taken the opportunity to consolidate our documentation regarding getting/installing Caddy. There is no more /docs/download page; instead it was combined with /docs/install, which better organizes the various official and unofficial ways to get Caddy. (To be clear, our download page at /download is still available.) Also, we started using Cloudsmith for our Debian packaging -- they're donating this service to our open source project and their team has been a pleasure to work with.
This release is the work of at least 20 contributors. Thank you!
Changelog
c5197f5 acme_server: fix reload of acme database (#3874)
06ba006 acme_server: switch to bbolt storage (#3868)
7a3d9d8 basicauth: Minor internal improvements (#3861)
937ec34 caddyauth: Prevent user enumeration by timing
4cff36d caddyauth: Use buffered channel passed to signal.Notify (#3895)
3d0e046 caddyauth: Use structured log
c6dec30 caddyfile: Add support for env var defaults; add tests (#3682)
635f075 caddyfile: Fix minor bug in formatter
63bda6a caddyhttp: Clean up internal auto-HTTPS redirect code
b8a799d caddyhttp: Document that remote_ip reads X-Forwarded-For header
4fc5707 caddyhttp: Fix header matcher when using nil
966d5e6 caddyhttp: Merge header matchers in Caddyfile (#3832)
b4f49e2 caddyhttp: Merge query matchers in Caddyfile (#3839)
1438e4d caddyhttp: New idle_timeout default of 5m
9157051 caddyhttp: Optimize large host matchers
deedf8a caddyhttp: Optionally use forwarded IP for remote_ip matcher
349457c caddyhttp: Return error if error handling error
b0f8fc7 caddytls: Configure trusted CAs from PEM files (#3882)
e384f07 caddytls: Improve alt chain preference settings
95af426 caddytls: Support ACME alt cert chain preferences
13781e6 caddytls: Support multiple issuers (#3862)
e7a5a38 cmd: add ability to read config from stdin (#3898)
eda9a1b fastcgi: Add timeouts support to Caddyfile adapter (#3842)
6e9ac24 fastcgi: Set PATH_INFO to file matcher remainder as fallback (#3739)
7d7434c fileserver: Add debug logging
d8bcf5b fileserver: Fix "go up" links in browse listings (closes #3942)
8d038ca fileserver: Improve and clarify file hiding logic (#3844)
0a7721d fileserver: Preserve transformed root (fix #3838)
b6e96d6 go.mod: Update CertMagic
a748151 go.mod: Update CertMagic (fix #3911)
1e480b8 go.mod: update quic-go to v0.19.2 (#3880)
5643dc3 go.mod: update quic-go to v0.19.3 (#3901)
31fbcd7 go.mod: Upgrade some dependencies
a26f70a headers: Fix Caddyfile parsing with request matcher (#3892)
b0d5c2c headers: Support default header values in Caddyfile with '?' (#3807)
7c28ecb httpcaddyfile: Add certificate_pem placeholder short, add to godoc (#3846)
3cfefeb httpcaddyfile: Configure servers via global options (#3836)
7e71915 httpcaddyfile: Decrement counter when removing conn policy (fix #3906)
03d853e httpcaddyfile: Fix test on Windows
b6686a5 httpcaddyfile: Improve AP logic with OnDemand
63afffc httpcaddyfile: Proper log config with catch-all blocks (fix #3878)
db4f1c0 httpcaddyfile: Revise automation policy generation (#3824)
c898a37 httpcaddyfile: support matching headers that do not exist (#3909)
dd26875 logging: Fix for IP filtering
ebc278e metrics: allow disabling OpenMetrics negotiation (#3944)
670b723 requestbody: Add Caddyfile support (#3859)
99b8f44 reverse_proxy: Fix random_choose selection policy (#3811)
4a641f6 reverseproxy: Add Caddyfile scheme shorthand for h2c (#3629)
b660993 reverseproxy: Add max_idle_conns_per_host; fix godocs (#3829)
53aa60a reverseproxy: Handle "operation was canceled" errors (#3816)
6e0849d reverseproxy: Implement cookie hash selection policy (#3809)
9605853 reverseproxy: Logging for streaming and upgrades (#3689)
132525d reverseproxy: Minor lint fixes
860cc6a reverseproxy: Wire up some http transport options in Caddyfile (#3843)
c9fdff9 reverseproxy: caddyfile: Don't add port if upstream has placeholder (#3819)
6ea6f3e reverseproxy: fix random hangs on http/2 requests with server push (#3875)
v2.3.0-rc.1
This is the first release candidate. We think 2.3 is ready to go, but we want to be extra sure! Please try it out in low-risk deployments and report any problems. Thank you!
Docs will be updated over the coming days and weeks. See the additional release notes from the beta release if you're coming from 2.2.
- The remote_ip matcher no longer reads the X-Forwarded-For header by default. This was undocumented behavior, and an unsafe default. If you happened to be relying on this, please enable forwarded (in the Caddyfile, just put forwarded as the first argument before the ranges) to maintain that behavior. Remember that headers are very easy to spoof.
- The experimental_http3 global option in the Caddyfile has been replaced with global server options, one of which is the experimental_http3 protocol. Docs will be updated shortly. This is still an unstable feature until HTTP/3 is finalized and our upstream QUIC/H3 lib is stable and we've decided to keep HTTP/3 enabled in the core by default.
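The remote_ip change noted here and in the v2.3.0 notes, modelled as an added Go example that is not Caddy's own code: the remoteIPMatcher type, its functions and the sample addresses are constructed for illustration. It shows why reading X-Forwarded-For was an unsafe default: with forwarding enabled, a header supplied by the client decides whether a public peer matches a private range.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// remoteIPMatcher is a simplified, hypothetical model of an IP-range
// request matcher. Forwarded models the opt-in described in the notes:
// when true, the first X-Forwarded-For value replaces the TCP peer address.
type remoteIPMatcher struct {
	Forwarded bool
	ranges    []*net.IPNet
}

// newRemoteIPMatcher parses the CIDR ranges once, up front, and rejects
// any range that does not parse.
func newRemoteIPMatcher(forwarded bool, cidrs ...string) (*remoteIPMatcher, error) {
	m := &remoteIPMatcher{Forwarded: forwarded}
	for _, c := range cidrs {
		_, ipnet, err := net.ParseCIDR(c)
		if err != nil {
			return nil, fmt.Errorf("parsing range %q: %w", c, err)
		}
		m.ranges = append(m.ranges, ipnet)
	}
	return m, nil
}

// clientIP returns the address the matcher evaluates. The peer address
// comes from the connection; X-Forwarded-For is whatever the sender wrote.
func (m *remoteIPMatcher) clientIP(r *http.Request) net.IP {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr // no port present
	}
	if m.Forwarded {
		if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
			host = strings.TrimSpace(strings.Split(xff, ",")[0])
		}
	}
	return net.ParseIP(host)
}

// Match reports whether the evaluated address falls in any configured range.
// An unparsable address never matches.
func (m *remoteIPMatcher) Match(r *http.Request) bool {
	ip := m.clientIP(r)
	if ip == nil {
		return false
	}
	for _, ipnet := range m.ranges {
		if ipnet.Contains(ip) {
			return true
		}
	}
	return false
}

// spoofedRequest is constructed sample input: a public peer that claims
// an internal address in X-Forwarded-For.
func spoofedRequest() *http.Request {
	r := &http.Request{RemoteAddr: "203.0.113.7:51234", Header: http.Header{}}
	r.Header.Set("X-Forwarded-For", "10.0.0.5")
	return r
}

// internalRequest is constructed sample input: a genuine internal peer
// with no forwarding header.
func internalRequest() *http.Request {
	return &http.Request{RemoteAddr: "10.1.2.3:40000", Header: http.Header{}}
}

func main() {
	for _, forwarded := range []bool{true, false} {
		m, err := newRemoteIPMatcher(forwarded, "10.0.0.0/8")
		if err != nil {
			panic(err)
		}
		fmt.Printf("forwarded=%-5v spoofed public peer matches: %-5v internal peer matches: %v\n",
			forwarded, m.Match(spoofedRequest()), m.Match(internalRequest()))
	}
}
```

Enabling forwarded is only sound when every request reaches the server through a proxy that overwrites X-Forwarded-For; otherwise range-based access rules should evaluate the connection's peer address.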
Changelog
4cff36d caddyauth: Use buffered channel passed to signal.Notify (#3895)
3d0e046 caddyauth: Use structured log
63bda6a caddyhttp: Clean up internal auto-HTTPS redirect code
b8a799d caddyhttp: Document that remote_ip reads X-Forwarded-For header
9157051 caddyhttp: Optimize large host matchers
deedf8a caddyhttp: Optionally use forwarded IP for remote_ip matcher
e7a5a38 cmd: add ability to read config from stdin (#3898)
6e9ac24 fastcgi: Set PATH_INFO to file matcher remainder as fallback (#3739)
a748151 go.mod: Update CertMagic (fix #3911)
31fbcd7 go.mod: Upgrade some dependencies
5643dc3 go.mod: update quic-go to v0.19.3 (#3901)
7e71915 httpcaddyfile: Decrement counter when removing conn policy (fix #3906)
c898a37 httpcaddyfile: support matching headers that do not exist (#3909)
v2.3.0-beta.1
Caddy 2.3 beta 1 is the first pre-release for Caddy 2.3! Please help test it in appropriate staging/test environments, and low-risk production environments. Major features and improvements include:
- Multi-issuer support. Caddy can now get certificates from multiple issuers for redundancy; if one fails, another will be tried. Caddy's new defaults are Let's Encrypt and ZeroSSL. Caddy is the first web server to support multiple issuers, offering unrivaled reliability for your site's HTTPS. It is the first ACME client to support multiple CA fallbacks.
- Improved on-demand TLS. On-demand TLS is where certificate obtain/renew operations are triggered on a TLS handshake that requires them. We've moved a lot of the processing to the background where possible (e.g. when an existing certificate is still usable) so more connections will finish their handshakes faster, and fewer handshakes will fail (however, you still need to watch the logs and fix the errors before it's too late).
- Support for alternate certificate chains. You can now customize which certificate chains to download from ACME servers that offer more than one.
- New map handler is ready for production use. It's been in Caddy for a few versions now but it's finally ready for production, with enhanced efficiency and functionality. It will be added to the documentation shortly. We have been using this handler with a customer in production for a while now, on an instance that is handling thousands of sites.
- Customize servers and listeners with the Caddyfile. The Caddyfile structure is oriented around sites for convenience, so customizing servers has not been possible until now. You can now use global options to configure servers and their listeners (for example, protocol options, socket read options, and more) without having to use JSON config.
This release also contains numerous bug fixes and other enhancements. Please help test it and report any issues with as much detail and simplification as you can, thank you!
This release is the work of at least 16 contributors.
Changelog
c5197f5 acme_server: fix reload of acme database (#3874)
06ba006 acme_server: switch to bbolt storage (#3868)
7a3d9d8 basicauth: Minor internal improvements (#3861)
937ec34 caddyauth: Prevent user enumeration by timing
c6dec30 caddyfile: Add support for env var defaults; add tests (#3682)
4fc5707 caddyhttp: Fix header matcher when using nil
966d5e6 caddyhttp: Merge header matchers in Caddyfile (#3832)
b4f49e2 caddyhttp: Merge query matchers in Caddyfile (#3839)
1438e4d caddyhttp: New idle_timeout default of 5m
349457c caddyhttp: Return error if error handling error
b0f8fc7 caddytls: Configure trusted CAs from PEM files (#3882)
95af426 caddytls: Support ACME alt cert chain preferences
13781e6 caddytls: Support multiple issuers (#3862)
eda9a1b fastcgi: Add timeouts support to Caddyfile adapter (#3842)
7d7434c fileserver: Add debug logging
8d038ca fileserver: Improve and clarify file hiding logic (#3844)
0a7721d fileserver: Preserve transformed root (fix #3838)
b6e96d6 go.mod: Update CertMagic
1e480b8 go.mod: update quic-go to v0.19.2 (#3880)
a26f70a headers: Fix Caddyfile parsing with request matcher (#3892)
b0d5c2c headers: Support default header values in Caddyfile with '?' (#3807)
7c28ecb httpcaddyfile: Add certificate_pem placeholder short, add to godoc (#3846)
3cfefeb httpcaddyfile: Configure servers via global options (#3836)
03d853e httpcaddyfile: Fix test on Windows
b6686a5 httpcaddyfile: Improve AP logic with OnDemand
63afffc httpcaddyfile: Proper log config with catch-all blocks (fix #3878)
db4f1c0 httpcaddyfile: Revise automation policy generation (#3824)
dd26875 logging: Fix for IP filtering
670b723 requestbody: Add Caddyfile support (#3859)
99b8f44 reverse_proxy: Fix random_choose selection policy (#3811)
4a641f6 reverseproxy: Add Caddyfile scheme shorthand for h2c (#3629)
b660993 reverseproxy: Add max_idle_conns_per_host; fix godocs (#3829)
53aa60a reverseproxy: Handle "operation was canceled" errors (#3816)
6e0849d reverseproxy: Implement cookie hash selection policy (#3809)
9605853 reverseproxy: Logging for streaming and upgrades (#3689)
860cc6a reverseproxy: Wire up some http transport options in Caddyfile (#3843)
c9fdff9 reverseproxy: caddyfile: Don't add port if upstream has placeholder (#3819)
6ea6f3e reverseproxy: fix random hangs on http/2 requests with server push (#3875)
v2.2.1
This patch release contains a number of bug fixes. Thanks for the reports and the help in debugging them!
Update: December 2020: This tag is the same as v2.2.3. Somehow, an unauthorized tag v2.2.2 was released from a fork. Because the Go module proxy is append-only, we created the v2.2.3 tag so that v2.2.1 would remain the default "latest" until v2.3.0 stable is released in a few weeks.
Changelog
8515267 admin: lower log level to Debug for /metrics requests (#3749)
a33e4b5 caddyfile: Add support for vars and vars_regexp matchers (#3730)
385adf5 caddyhttp: Restore original request params before error handlers (#3781)
0fc47e8 map: Apply default if mapped output is nil
ef8a372 map: Bug fixes; null literal with hyphen in Caddyfile
25d2b4b map: Reimplement; multiple outputs; optimize
dadfe19 metrics: fix handler to not run the next route (#3769)
3b9eae7 reverseproxy: Change 500 error to 502 for lookup_srv config (#3771)
c7efb03 reverseproxy: Fix dial placeholders, SRV, active health checks (#3780)
fdfdc03 reverseproxy: Ignore RFC 1521 params in Content-Type header (#3758)
6722426 reverseproxy: allow no port for SRV; fix regression in d55d50b (#3756)
aa9c3eb reverseproxy: default to port 80 for upstreams in Caddyfile (#3772)
v2.2.0
We are pleased to release Caddy 2.2! Our community has spent a lot of time on bug fixes, as well as some new features you will like.
Highlights:
- Full support for ZeroSSL, a new ACME CA that is a viable alternative to Let's Encrypt. Its ACME endpoint is free to use and might even be a better fit for your deployment depending on your requirements (for example, it does not have tight rate limits and does not require the DNS challenge for wildcard certs). To clarify, ZeroSSL's ACME endpoint is RFC 8555-compliant and was already compatible with Caddy; we just made it easier to use by automating the EAB credentials for your convenience.
- We now have full control over our ACME stack! By replacing our previous underlying ACME library (lego) with ACMEz, Caddy can offer:
- faster config reloads
- more efficient cert management at scale
- a more intuitive configuration experience
- lighter builds
- structured logs that are consistent with Caddy's other logs (which you have fine-grained control over).
- (we no longer suffer from the limitations still shared by other lego-based ACME clients)
- Integrated support for Prometheus metrics. We decided that emitting metrics is something the core of the server has to do, rather than only a separate module. We will continue improving this with time. Huge thanks to @hairyhenderson for his skillful contributions.
- HTTP/2 server push has been re-introduced, this time better than it was in Caddy 1.
- Caddyfile enhancements, including:
- Fully customize certificate issuers from the Caddyfile. Up until now, you could only customize certain parts of the ACME issuer or choose the Internal issuer from the Caddyfile; now you have full control.
- Named matchers can be defined inside route blocks.
- Customize log encoders.
- dns property for issuer subdirective of tls directive that allows full customization of DNS challenge (those providers which support the Caddyfile)
- Bug fixes
- ⚠️ The logfmt log encoder has been deprecated and will be removed. (It is already broken since it does not encode objects, so if you used it you probably stopped using it anyway.)
- Customizable DNS resolver for reverse proxy
- Latest HTTP/3 version
- Numerous bug fixes and other enhancements! Notable bug fixes related to:
- ACME DNS challenge providers
- Custom resolvers for the DNS challenge
- ACME EAB (External Account Binding)
- Panic recovery
- Startup time when managing lots of certificates
- Correct port for active health checks (reverse_proxy module)
- Windows paths
- File hiding logic (file_server module)
- Bidirectional streaming (reverse_proxy module; specifically benefits v2ray use)
- More consistent, structured error logging when produced from HTTP code in Go's standard library
- New placeholders and log fields, especially pertaining to TLS, ACME, and HTTP
Special thanks to @francislavoie and @mohammed90 and @hairyhenderson and others in our community for their continual aid with many bug reports and feature requests.
Changelog
(Includes pre-releases)
af5c148 admin,templates,core: Minor enhancements and error handling (#3607)
d4f2497 browse: align template to struct field renames from 4940325 (#3706)
8a0fff5 caddyauth: hash-password: Set bcrypt cost to 14 (#3580)
fb9d874 caddyfile: Export Tokenize function for lexing (#3549)
6f0f159 caddyhttp: Add {http.request.body} placeholder
514eef3 caddyhttp: Add support to resolve DN in CEL expression (#3608)
65a0952 caddyhttp: Add TLS client cert info to logs (#3640)
b01bb27 caddyhttp: New placeholder for PEM of client certificate (#3662)
c82c231 caddyhttp: Remove server name from metrics
0bf2565 caddyhttp: Reorder some access log fields; add host matcher test case
04f50a9 caddyhttp: Wrap http.Server logging with zap (#3668)
00e6b77 caddytls: Add dns config to acmeissuer (#3701)
66863aa caddytls: Add support for ZeroSSL; add Caddyfile support for issuers (#3633)
744d04c caddytls: Configure custom DNS resolvers for DNS challenge (close #2476)
24f3478 caddytls: Customize DNS resolvers for DNS challenge with Caddyfile
9859ab8 caddytls: Fix resolvers option of acme issuer (Caddyfile)
efc0cc5 caddytls: Move initial storage clean op into goroutine
6a14e2c caddytls: Replace lego with acmez (#3621)
b88e2b6 cmd: Allow caddy fmt to read from stdin (#3680)
68529e2 cmd: Print caddy version with environ or --environ (#3627)
2ae8c11 fastcgi: Add resolve_root_symlink (#3587)
0665a86 fastcgi: Ensure leading slash, omit SERVER_PORT if empty for compliance (#3570)
3fdaf50 fastcgi: Fill REMOTE_USER with http.auth.user.id placeholder (#3577)
3860b23 fileserver: Don't assume len(str) == len(ToLower(str)) (fix #3623)
735c866 fileserver: Enable browse pagination with offset parameter (#3542)
4940325 fileserver: Fix inconsistencies in browse JSON
1c5969b fileserver: Fix new file hide tests on Windows (#3719)
c054a81 fileserver: Fix newly-introduced failing test on Linux (#3625)
b95b873 fileserver: Fix try_files for directories; windows fix (#3684)
0ee4378 fileserver: Improve file hiding logic for directories and prefixes
c42bfaf go.mod: Bump CertMagic
28d870c go.mod: Update quic-go, truststore, and goldmark
c6d6a77 go.mod: Update some dependencies
2a5599e go.mod: Upgrade and downgrade smallstep, quic-go, and cpuid
3ee663d go.mod: Upgrade dependencies
997ef52 go.mod: Use v0.15(.1) of smallstep libs
6f73a35 httpcaddyfile: Add compression to http transport config (#3624)
584eba9 httpcaddyfile: Allow named matchers in route blocks (#3632)
ff19bdd httpcaddyfile: Avoid repeated subjects in APs (fix #3618)
8b80a32 httpcaddyfile: Bring enforce_origin and origins to admin config (#3595)
fe27f9c httpcaddyfile: Disallow args on route/handle directive family (#3740)
e3324aa httpcaddyfile: Ensure handle_path is sorted equally to handle (#3676)
be6daa5 httpcaddyfile: Fix panic when parsing route with matchers (#3746)
0afbab8 httpcaddyfile: Improve directive sorting logic (#3658)
4217217 httpcaddyfile: Properly record whether we added catch-all conn policy
7bfe5b6 httpcaddyfile: Reorder automation policy logic (close #3550)
eda54c2 logging:
309c1fe logging: Implement Caddyfile support for filter encoder (#3578)
f197cec metrics: Always track method label in uppercase (#3742)
d16ede3 metrics: Fix hidden panic while observing with bad exemplars (#3733)
b1d456d metrics: Fix panic when headers aren't written (#3737)
8ec51bb metrics: Initial integration of Prometheus metrics (#3709)
6cea1f2 push: Implement HTTP/2 server push (#3573)
904f149 reverse_proxy: fix bidirectional streams with encodings (fix #3606) (#3620)
e9b1d7d reverse_proxy: flush HTTP/2 response when ContentLength is unknown (#3561)
724b74d reverseproxy: Abort active health checks on context cancellation
4cd7ae3 reverseproxy: Add buffer_requests option to reverse_proxy directive (#3710)
bd9d796 reverseproxy: add support for custom DNS resolver (#3479)
bc453fa reverseproxy: Correct alternate port for active health checks (#3693)
d55d50b reverseproxy: Enforce port range size of 1 at provision (#3695)
19cc2bd reverseproxy: Fix Caddyfile parsing for empty non-http transports (#3576)
c94f5bb reverseproxy: Make default buffer size const
e2f913b reverseproxy: Minor fixes and cleanup
246a31a reverseproxy: Restore request's original host and header (fix #3509)
fc65320 reverseproxy: Support header selection policy on Host field (#3653)
c358200 templates: Disable hard wraps in Markdown rendering (#3553)
a2dae1d templates: Fix front matter closing fence search
2bc30bb templates: Implement placeholders function (#3324)
v2.2.0-rc.3
v2.2.0-rc.2
Edit: Don't use rc2, use rc3 instead. (Released just a few hours later as a hotfix.)
The next release candidate for v2.2.0 - please try it out before the final tag! As always, deploy into a test or staging environment before production.
There are a lot of commits in this release because the milestone moved while we fixed problems that were reported, and we also wanted to make sure the final v2.2 release will be good and solid. Most of these commits are bug fixes, but we've also added Caddyfile support for several features, and notably: integrated Prometheus metrics. (Thanks @hairyhenderson and other contributors! That was a team effort.)
As you might expect, this release builds on all changes in RC1.
The documentation on our website will be updated after the final release is tagged.
Changelog
d4f2497 browse: align template to struct field renames from 4940325 (#3706)
b01bb27 caddyhttp: New placeholder for PEM of client certificate (#3662)
04f50a9 caddyhttp: Wrap http.Server logging with zap (#3668)
00e6b77 caddytls: Add dns config to acmeissuer (#3701)
744d04c caddytls: Configure custom DNS resolvers for DNS challenge (close #2476)
24f3478 caddytls: Customize DNS resolvers for DNS challenge with Caddyfile
9859ab8 caddytls: Fix resolvers option of acme issuer (Caddyfile)
b88e2b6 cmd: Allow caddy fmt to read from stdin (#3680)
4940325 fileserver: Fix inconsistencies in browse JSON
1c5969b fileserver: Fix new file hide tests on Windows (#3719)
b95b873 fileserver: Fix try_files for directories; windows fix (#3684)
0ee4378 fileserver: Improve file hiding logic for directories and prefixes
3ee663d go.mod: Upgrade dependencies
997ef52 go.mod: Use v0.15(.1) of smallstep libs
e3324aa httpcaddyfile: Ensure handle_path is sorted equally to handle (#3676)
0afbab8 httpcaddyfile: Improve directive sorting logic (#3658)
4217217 httpcaddyfile: Properly record whether we added catch-all conn policy
309c1fe logging: Implement Caddyfile support for filter encoder (#3578)
8ec51bb metrics: Initial integration of Prometheus metrics (#3709)
724b74d reverseproxy: Abort active health checks on context cancellation
4cd7ae3 reverseproxy: Add buffer_requests option to reverse_proxy directive (#3710)
bc453fa reverseproxy: Correct alternate port for active health checks (#3693)
d55d50b reverseproxy: Enforce port range size of 1 at provision (#3695)
c94f5bb reverseproxy: Make default buffer size const
fc65320 reverseproxy: Support header selection policy on Host field (#3653)
v2.2.0-rc.1
The release candidate for v2.2.0 - please try it out before the final release! As always, deploy into a test or staging environment before production.
Highlights:
- Replaced the old underlying ACME library (lego) with ACMEz - we now have full control over the entire certificate management stack! Config reloads will be faster and certificate management at scale will be smoother. The logs for cert operations are now consistent with Caddy's structured logs.
- Full support for a new ACME CA! ZeroSSL is an alternative CA to Let's Encrypt. Its ACME endpoint is free to use! To clarify, ZeroSSL's ACME endpoint is RFC 8555-compliant and was already compatible with Caddy; we just made it easier to use by automating the EAB credentials for your convenience. (Known issue: Must use RSA certificate keys for now. This is queued to be fixed by upstream service provider.)
- Fully customize certificate issuers from the Caddyfile. Up until now, you could only customize certain parts of the ACME issuer or choose the Internal issuer from the Caddyfile; now you have full control.
- Re-introduced HTTP/2 server push similar to how it was available in Caddy v1, but now a little better.
- ⚠️ The logfmt log encoder has been deprecated and will be removed. (It is already broken since it does not encode objects.)
- Customizable DNS resolver for reverse proxy.
- Numerous bug fixes and other enhancements!
Changelog
af5c148 admin,templates,core: Minor enhancements and error handling (#3607)
8a0fff5 caddyauth: hash-password: Set bcrypt cost to 14 (#3580)
fb9d874 caddyfile: Export Tokenize function for lexing (#3549)
65a0952 caddyhttp: Add TLS client cert info to logs (#3640)
514eef3 caddyhttp: Add support to resolve DN in CEL expression (#3608)
6f0f159 caddyhttp: Add {http.request.body} placeholder
0bf2565 caddyhttp: Reorder some access log fields; add host matcher test case
66863aa caddytls: Add support for ZeroSSL; add Caddyfile support for issuers (#3633)
efc0cc5 caddytls: Move initial storage clean op into goroutine
6a14e2c caddytls: Replace lego with acmez (#3621)
68529e2 cmd: Print caddy version with environ or --environ (#3627)
2ae8c11 fastcgi: Add resolve_root_symlink (#3587)
0665a86 fastcgi: Ensure leading slash, omit SERVER_PORT if empty for compliance (#3570)
3fdaf50 fastcgi: Fill REMOTE_USER with http.auth.user.id placeholder (#3577)
3860b23 fileserver: Don't assume len(str) == len(ToLower(str)) (fix #3623)
735c866 fileserver: Enable browse pagination with offset parameter (#3542)
c054a81 fileserver: Fix newly-introduced failing test on Linux (#3625)
c42bfaf go.mod: Bump CertMagic
28d870c go.mod: Update quic-go, truststore, and goldmark
c6d6a77 go.mod: Update some dependencies
2a5599e go.mod: Upgrade and downgrade smallstep, quic-go, and cpuid
6f73a35 httpcaddyfile: Add compression to http transport config (#3624)
584eba9 httpcaddyfile: Allow named matchers in route blocks (#3632)
ff19bdd httpcaddyfile: Avoid repeated subjects in APs (fix #3618)
8b80a32 httpcaddyfile: Bring enforce_origin and origins to admin config (#3595)
7bfe5b6 httpcaddyfile: Reorder automation policy logic (close #3550)
eda54c2 logging:
6cea1f2 push: Implement HTTP/2 server push (#3573)
904f149 reverse_proxy: fix bidirectional streams with encodings (fix #3606) (#3620)
e9b1d7d reverse_proxy: flush HTTP/2 response when ContentLength is unknown (#3561)
19cc2bd reverseproxy: Fix Caddyfile parsing for empty non-http transports (#3576)
e2f913b reverseproxy: Minor fixes and cleanup
246a31a reverseproxy: Restore request's original host and header (fix #3509)
bd9d796 reverseproxy: add support for custom DNS resolver (#3479)
c358200 templates: Disable hard wraps in Markdown rendering (#3553)
a2dae1d templates: Fix front matter closing fence search
2bc30bb templates: Implement placeholders function (#3324)