v2.11.0-beta.1

📦 caddy
10 features, 🐛 28 fixes, 🔧 47 symbols

Summary

This beta release (2.11) introduces a new automated release workflow and includes numerous minor bug fixes and enhancements, notably replacing the logging library with one supporting time-rolling and adding support for named socket activation.

Migration Steps

  1. If you rely on the logging library, note that it has been switched from "lumberjack" to "timberjack"; this may require configuration adjustments if you were using specific features of the old library, especially regarding time-rolling.
  2. If you use `SIGUSR1` for configuration reloading, ensure your configuration is loaded via the CLI and has not been modified via the Admin API since the last load for the signal to take effect.

✨ New Features

  • SIGUSR1 can now be used to reload configuration only if it was loaded from a file using the CLI, and not changed by the API since then.
  • Replaced logging library "lumberjack" with "timberjack" which supports time-rolling.
  • Caddy can now bind listeners with named socket activation.
  • basicauth: Implement argon2id.
  • caddyhttp: Add `trusted_proxies_unix` for trusting unix socket `X-Forwarded-*` headers.
  • caddyhttp: Add server options `keepalive_idle` and `keepalive_count`.
  • caddyhttp: Allow customizing the Server header.
  • caddyfile: Allow `block` to do nothing if nothing passed to `import`.
  • caddypki: Disable internal auto-CA when auto_https is disabled.
  • caddytls: Allow disabling distributed solving (except http-01).

🐛 Bug Fixes

  • Fix response corruption when handle_errors is used.
  • caddyfile: fix nested quotes formatted incorrectly by fmt.
  • caddyfile: prevent adding trailing space on line before env variable.
  • caddyhttp: Normalize (lowercase) {label.N} placeholders.
  • caddyhttp: add replacer placeholders for escaped values.
  • caddyhttp: omit unnecessary reassignment.
  • caddyhttp: remove redundant middleware next copy.
  • caddyhttp: wrap accepted connection to suppress tls.ConnectionState.
  • caddypki: check intermediate lifetime to actual root cert lifetime.
  • cmd: prevent commas in header values from being split.
  • core: Reloading with `SIGUSR1` if config never changed via admin.
  • core: use reflect.TypeFor to check for encoding/json.RawMessage.
  • encode: add graphql-response header to list.
  • encode: modernize, replace HasSuffix+TrimSuffix with CutSuffix.
  • fileserver: set Content-Length for precompressed files.
  • httpcaddyfile: Add missing DNS challenge check for `acme_dns`.
  • httpcaddyfile: Map default_bind to BindHost in globalACMEDefaults.
  • intercept: use already buffered response if possible when intercepting.
  • logging: Adjustments to BufferedLog to keep logs in the correct order.
  • logging: Buffer the logs before config is loaded.
  • logging: fix multiple regexp filters on same field.
  • metrics: resolve per-host infinite cardinality.
  • reverse_proxy: use http1 for outbound tls requests with placeholder that are likely websockets.
  • reverse_proxy: Use http1.1 upgrade for websocket for extended connect of http2 and http3.
  • reverseproxy: Fix retries for requests with bodies.
  • reverseproxy: do not disable keepalive if proxy protocol is used.
  • reverseproxy: set default values for keepalive if only some of them are set.
  • reverseproxy: use http.Protocols to handle h2c requests.

🔧 Affected Symbols

lumberjack, timberjack, SIGUSR1, basicauth, argon2id, caddyhttp, trusted_proxies_unix, keepalive_idle, keepalive_count, Server header, caddyfile, import, caddypki, auto_https, caddytls, LeafFolderLoader, encode, graphql-response, HasSuffix, TrimSuffix, CutSuffix, fileserver, Content-Length, quic-go, httpcaddyfile, acme_dns, default_bind, BindHost, globalACMEDefaults, intercept, listeners, named socket activation, logging, BufferedLog, metrics, reverse_proxy, http1, websockets, reverse_proxy transports, reverseproxy retries, reverseproxy websocket upgrade, proxy protocol, reverseproxy keepalive, http.Protocols, h2c requests, tracing, OpenTelemetry span exporter