Skip to content

v2.2.0
Compare
Choose a tag to compare
@github-actions github-actions released this 24 Sep 18:00
· 1122 commits to master since this release
v2.2.0
This tag was signed with the committer’s verified signature.
mholt Matt Holt
GPG key ID: 2A349DD577D586A5
Learn about vigilant mode.
f197cec
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

We are pleased to release Caddy 2.2! Our community has spent a lot of time on bug fixes, as well as some new features you will like.

Highlights:

  • Full support for ZeroSSL, a new ACME CA that is a viable alternative to Let's Encrypt. Its ACME endpoint is free to use and might even be a better fit for your deployment depending on your requirements (for example, it does not have tight rate limits and does not require the DNS challenge for wildcard certs). To clarify, ZeroSSL's ACME endpoint is RFC 8555-compliant and was already compatible with Caddy; we just made it easier to use by automating the EAB credentials for your convenience.
  • We now have full control over our ACME stack! By replacing our previous underlying ACME library (lego) with ACMEz, Caddy can offer:
    • faster config reloads
    • more efficient cert management at scale
    • a more intuitive configuration experience
    • lighter builds
    • structured logs that are consistent with Caddy's other logs (which you have fine-grained control over).
    • (we no longer suffer from the limitations still shared by other lego-based ACME clients)
  • Integrated support for Prometheus metrics. We decided that emitting metrics is something the core of the server has to do, rather than only a separate module. We will continue improving this with time. Huge thanks to @hairyhenderson for his skillful contributions.
  • HTTP/2 server push has been re-introduced, this time better than it was in Caddy 1.
  • Caddyfile enhancements, including:
    • Fully customize certificate issuers from the Caddyfile. Up until now, you could only customize certain parts of the ACME issuer or choose the Internal issuer from the Caddyfile; now you have full control.
    • Named matchers can be defined inside route blocks.
    • Customize log encoders.
    • dns property for issuer subdirective of tls directive that allows full customization of DNS challenge (those providers which support the Caddyfile)
    • Bug fixes
  • ⚠️ The logfmt log encoder has been deprecated and will be removed. (It is already broken since it does not encode objects, so if you used it you probably stopped using it anyway.)
  • Customizable DNS resolver for reverse proxy
  • Latest HTTP/3 version
  • Numerous bug fixes and other enhancements! Notable bug fixes related to:
    • ACME DNS challenge providers
    • Custom resolvers for the DNS challenge
    • ACME EAB (External Account Binding)
    • Panic recovery
    • Startup time when managing lots of certificates
    • Correct port for active health checks (reverse_proxy module)
    • Windows paths
    • File hiding logic (file_server module)
    • Bidirectional streaming (reverse_proxy module; specifically benefits v2ray use)
    • More consistent, structured error logging when produced from HTTP code in Go's standard library
    • New placeholders and log fields, especially pertaining to TLS, ACME, and HTTP

Special thanks to @francislavoie and @mohammed90 and @hairyhenderson and others in our community for their continual aid with many bug reports and feature requests.

Changelog

(Includes pre-releases)

af5c148 admin,templates,core: Minor enhancements and error handling (#3607)
d4f2497 browse: align template to struct field renames from 4940325 (#3706)
8a0fff5 caddyauth: hash-password: Set bcrypt cost to 14 (#3580)
fb9d874 caddyfile: Export Tokenize function for lexing (#3549)
6f0f159 caddyhttp: Add {http.request.body} placeholder
514eef3 caddyhttp: Add support to resolve DN in CEL expression (#3608)
65a0952 caddyhttp: Add TLS client cert info to logs (#3640)
b01bb27 caddyhttp: New placeholder for PEM of client certificate (#3662)
c82c231 caddyhttp: Remove server name from metrics
0bf2565 caddyhttp: Reorder some access log fields; add host matcher test case
04f50a9 caddyhttp: Wrap http.Server logging with zap (#3668)
00e6b77 caddytls: Add dns config to acmeissuer (#3701)
66863aa caddytls: Add support for ZeroSSL; add Caddyfile support for issuers (#3633)
744d04c caddytls: Configure custom DNS resolvers for DNS challenge (close #2476)
24f3478 caddytls: Customize DNS resolvers for DNS challenge with Caddyfile
9859ab8 caddytls: Fix resolvers option of acme issuer (Caddyfile)
efc0cc5 caddytls: Move initial storage clean op into goroutine
6a14e2c caddytls: Replace lego with acmez (#3621)
b88e2b6 cmd: Allow caddy fmt to read from stdin (#3680)
68529e2 cmd: Print caddy version with environ or --environ (#3627)
2ae8c11 fastcgi: Add resolve_root_symlink (#3587)
0665a86 fastcgi: Ensure leading slash, omit SERVER_PORT if empty for compliance (#3570)
3fdaf50 fastcgi: Fill REMOTE_USER with http.auth.user.id placeholder (#3577)
3860b23 fileserver: Don't assume len(str) == len(ToLower(str)) (fix #3623)
735c866 fileserver: Enable browse pagination with offset parameter (#3542)
4940325 fileserver: Fix inconsistencies in browse JSON
1c5969b fileserver: Fix new file hide tests on Windows (#3719)
c054a81 fileserver: Fix newly-introduced failing test on Linux (#3625)
b95b873 fileserver: Fix try_files for directories; windows fix (#3684)
0ee4378 fileserver: Improve file hiding logic for directories and prefixes
c42bfaf go.mod: Bump CertMagic
28d870c go.mod: Update quic-go, truststore, and goldmark
c6d6a77 go.mod: Update some dependencies
2a5599e go.mod: Upgrade and downgrade smallstep, quic-go, and cpuid
3ee663d go.mod: Upgrade dependencies
997ef52 go.mod: Use v0.15(.1) of smallstep libs
6f73a35 httpcaddyfile: Add compression to http transport config (#3624)
584eba9 httpcaddyfile: Allow named matchers in route blocks (#3632)
ff19bdd httpcaddyfile: Avoid repeated subjects in APs (fix #3618)
8b80a32 httpcaddyfile: Bring enforce_origin and origins to admin config (#3595)
fe27f9c httpcaddyfile: Disallow args on route/handle directive family (#3740)
e3324aa httpcaddyfile: Ensure handle_path is sorted equally to handle (#3676)
be6daa5 httpcaddyfile: Fix panic when parsing route with matchers (#3746)
0afbab8 httpcaddyfile: Improve directive sorting logic (#3658)
4217217 httpcaddyfile: Properly record whether we added catch-all conn policy
7bfe5b6 httpcaddyfile: Reorder automation policy logic (close #3550)
eda54c2 logging: ⚠️ Deprecate logfmt encoder
309c1fe logging: Implement Caddyfile support for filter encoder (#3578)
f197cec metrics: Always track method label in uppercase (#3742)
d16ede3 metrics: Fix hidden panic while observing with bad exemplars (#3733)
b1d456d metrics: Fix panic when headers aren't written (#3737)
8ec51bb metrics: Initial integration of Prometheus metrics (#3709)
6cea1f2 push: Implement HTTP/2 server push (#3573)
904f149 reverse_proxy: fix bidirectional streams with encodings (fix #3606) (#3620)
e9b1d7d reverse_proxy: flush HTTP/2 response when ContentLength is unknown (#3561)
724b74d reverseproxy: Abort active health checks on context cancellation
4cd7ae3 reverseproxy: Add buffer_requests option to reverse_proxy directive (#3710)
bd9d796 reverseproxy: add support for custom DNS resolver (#3479)
bc453fa reverseproxy: Correct alternate port for active health checks (#3693)
d55d50b reverseproxy: Enforce port range size of 1 at provision (#3695)
19cc2bd reverseproxy: Fix Caddyfile parsing for empty non-http transports (#3576)
c94f5bb reverseproxy: Make default buffer size const
e2f913b reverseproxy: Minor fixes and cleanup
246a31a reverseproxy: Restore request's original host and header (fix #3509)
fc65320 reverseproxy: Support header selection policy on Host field (#3653)
c358200 templates: Disable hard wraps in Markdown rendering (#3553)
a2dae1d templates: Fix front matter closing fence search
2bc30bb templates: Implement placeholders function (#3324)

Assets 23