This patch release fixes bugs, adds some new features, and makes worthwhile enhancements. We recommend everyone test and upgrade!
Many improvements have been made to the reverse_proxy module.
Highlights:
- New /adapt admin endpoint: Use your installed config adapters via API in addition to the existing caddy adapt CLI command.
- New Etag/If-Match support for config API: Safely update your config concurrently and avoid collisions by using our unique Etag implementation.
- Rename copied headers from reverse_proxy: If you're using handle_response, you can more easily map headers to a different name for clients.
- Many HTTP matchers have been added to CEL: You can now use the logic of our HTTP request matchers in CEL expressions.
- Notable bug fixes: EAB reuse, various QUIC & HTTP/3 fixes, more specific HTTP status codes, various reverse proxy fixes.
Changelog
- 660c59b admin: Implement /adapt endpoint (close #4465) (#4846)
- ad3a83f admin: expect quoted ETags (#4879)
- f259ed5 admin: support ETag on config endpoints (#4579)
- 1498132 caddyhttp: Log error from CEL evaluation (fix #4832)
- 0a14f97 caddytls: Make peer certificate verification pluggable (#4389)
- 412dcc0 caddytls: Reuse issuer between PreCheck and Issue (#4866)
- 499ad6d core: Micro-optim in run() (#4810)
- c0f76e9 fileserver: Use safe redirects in file browser
- 58e05ca forwardauth: Fix case when copy_headers is omitted (#4856)
- 0b6f764 forwardauth: Support renaming copied headers, block support (#4783)
- 8bac134 go.mod: Bump up quic-go to v0.28.0, fixes for BC breaks (#4867)
- 3d18bc5 go.mod: Update go-yaml to v3
- 5601393 go.mod: Update some dependencies
- 8e6bc36 go.mod: Upgrade some dependencies
- 53c4d78 headers: Only replace known placeholders (#4880)
- 0bcd02d headers: Support wildcards for delete ops (close #4830) (#4831)
- 58970ca httpcaddyfile: Add {err.*} placeholder shortcut (#4798)
- b687d7b httpcaddyfile: Support multiple values for default_bind (#4774)
- a926779 reverseproxy: Add --internal-certs CLI flag #3589 (#4817)
- aaf6794 reverseproxy: Add renegotiation param in TLS client (#4784)
- 54d1923 reverseproxy: Adjust new TLS Caddyfile directive names (#4872)
- 7f9b1f4 reverseproxy: Correct the tls_server_name docs (#4827)
- c82fe91 reverseproxy: Dynamic ServerName for TLS upstreams (#4836)
- d6bc9e0 reverseproxy: Err 503 if all upstreams unavailable
- 98468af reverseproxy: Fix double headers in response handlers (#4847)
- 25f1051 reverseproxy: Fix panic when TLS is not configured (#4848)
- 5e729c1 reverseproxy: HTTP 504 for upstream timeouts (#4824)
- f9b42c3 reverseproxy: Make TLS renegotiation optional
- b6e96fa reverseproxy: Skip TLS for certain configured ports (#4843)
- 57d27c1 reverseproxy: Support http1.1>h2c (close #4777) (#4778)
- 9864b13 reverseproxy: api: Remove misleading 'healthy' value
- 693e9b5 rewrite: Handle fragment before query (fix #4775)
- 6891f7f templates: Add humanize function (#4767)
- 9e760e2 templates: Documentation consistency (#4796)
New Contributors
- @nekohasekai made their first contribution in #4782
- @davidbgk made their first contribution in #4796
- @git001 made their first contribution in #4767
- @varianone made their first contribution in #4817
- @Gr33nbl00d made their first contribution in #4389
- @yaslama made their first contribution in #4784
- @kresike made their first contribution in #4836
- @TristonianJones made their first contribution in #4715
- @jhwz made their first contribution in #4579
Full Changelog: v2.5.1...v2.5.2