Caddy v2.2.0 Release Notes

Release Date: 2020-09-24 // over 3 years ago
  • ๐Ÿš€ We are pleased to release Caddy 2.2! Our community has spent a lot of time on bug fixes, as well as some new features you will like.

    Highlights:

    • ๐Ÿš€ Full support for ZeroSSL, a new ACME CA that is a viable alternative to Let's Encrypt. Its ACME endpoint is free to use and might even be a better fit for your deployment depending on your requirements (for example, it does not have tight rate limits and does not require the DNS challenge for wildcard certs). To clarify, ZeroSSL's ACME endpoint is RFC 8555-compliant and was already compatible with Caddy; we just made it easier to use by automating the EAB credentials for your convenience.
    • We now have full control over our ACME stack! By replacing our previous underlying ACME library (lego) with ACMEz, Caddy can offer:
      • faster config reloads
      • more efficient cert management at scale
      • a more intuitive configuration experience
      • lighter builds
      • structured logs that are consistent with Caddy's other logs (which you have fine-grained control over).
      • (we no longer suffer from the limitations still shared by other lego-based ACME clients)
    • โ†” Integrated support for Prometheus metrics. We decided that emitting metrics is something the core of the server has to do, rather than only a separate module. We will continue improving this with time. Huge thanks to @hairyhenderson for his skillful contributions.
    • ๐Ÿ“„ HTTP/2 server push has been re-introduced, this time better than it was in Caddy 1.
    • Caddyfile enhancements, including:
      • Fully customize certificate issuers from the Caddyfile. Up until now, you could only customize certain parts of the ACME issuer or choose the Internal issuer from the Caddyfile; now you have full control.
      • Named matchers can be defined inside route blocks.
      • Customize log encoders.
      • dns property for issuer subdirective of tls directive that allows full customization of DNS challenge (those providers which support the Caddyfile)
      • Bug fixes
    • ๐Ÿฑ โš ๏ธ The logfmt log encoder has been deprecated and will be removed. (It is already broken since it does not encode objects, so if you used it you probably stopped using it anyway.)
    • Customizable DNS resolver for reverse proxy
    • โœ… Latest HTTP/3 version
    • ๐Ÿ›  Numerous bug fixes and other enhancements! Notable bug fixes related to:
      • ACME DNS challenge providers
      • Custom resolvers for the DNS challenge
      • ACME EAB (External Account Binding)
      • Panic recovery
      • Startup time when managing lots of certificates
      • Correct port for active health checks (reverse_proxy module)
      • Windows paths
      • File hiding logic (file_server module)
      • Bidirectional streaming (reverse_proxy module; specifically benefits v2ray use)
      • More consistent, structured error logging when produced from HTTP code in Go's standard library
      • New placeholders and log fields, especially pertaining to TLS, ACME, and HTTP

    Special thanks to @francislavoie and @Mohammed90 and @hairyhenderson and others in our community for their continual aid with many bug reports and feature requests.

    ๐Ÿ”„ Changelog

    ๐Ÿš€ (Includes pre-releases)

    af5c148 admin,templates,core: Minor enhancements and error handling (#3607)
    d4f2497 browse: align template to struct field renames from 4940325 (#3706)
    8a0fff5 caddyauth: hash-password: Set bcrypt cost to 14 (#3580)
    fb9d874 caddyfile: Export Tokenize function for lexing (#3549)
    6f0f159 caddyhttp: Add {http.request.body} placeholder
    ๐Ÿ‘ 514eef3 caddyhttp: Add support to resolve DN in CEL expression (#3608)
    ๐Ÿ”Š 65a0952 caddyhttp: Add TLS client cert info to logs (#3640)
    b01bb27 caddyhttp: New placeholder for PEM of client certificate (#3662)
    ๐Ÿšš c82c231 caddyhttp: Remove server name from metrics
    โœ… 0bf2565 caddyhttp: Reorder some access log fields; add host matcher test case
    ๐ŸŒฒ 04f50a9 caddyhttp: Wrap http.Server logging with zap (#3668)
    00e6b77 caddytls: Add dns config to acmeissuer (#3701)
    ๐Ÿ‘ 66863aa caddytls: Add support for ZeroSSL; add Caddyfile support for issuers (#3633)
    ๐Ÿ”ง 744d04c caddytls: Configure custom DNS resolvers for DNS challenge (close #2476)
    24f3478 caddytls: Customize DNS resolvers for DNS challenge with Caddyfile
    9859ab8 caddytls: Fix resolvers option of acme issuer (Caddyfile)
    ๐Ÿšš efc0cc5 caddytls: Move initial storage clean op into goroutine
    6a14e2c caddytls: Replace lego with acmez (#3621)
    b88e2b6 cmd: Allow caddy fmt to read from stdin (#3680)
    ๐Ÿ–จ 68529e2 cmd: Print caddy version with environ or --environ (#3627)
    2ae8c11 fastcgi: Add resolve_root_symlink (#3587)
    0665a86 fastcgi: Ensure leading slash, omit SERVER_PORT if empty for compliance (#3570)
    3fdaf50 fastcgi: Fill REMOTE_USER with http.auth.user.id placeholder (#3577)
    3860b23 fileserver: Don't assume len(str) == len(ToLower(str)) (fix #3623)
    735c866 fileserver: Enable browse pagination with offset parameter (#3542)
    4940325 fileserver: Fix inconsistencies in browse JSON
    ๐Ÿ 1c5969b fileserver: Fix new file hide tests on Windows (#3719)
    ๐Ÿง c054a81 fileserver: Fix newly-introduced failing test on Linux (#3625)
    ๐Ÿ b95b873 fileserver: Fix try_files for directories; windows fix (#3684)
    ๐Ÿ›  0ee4378 fileserver: Improve file hiding logic for directories and prefixes
    c42bfaf go.mod: Bump CertMagic
    โšก๏ธ 28d870c go.mod: Update quic-go, truststore, and goldmark
    โšก๏ธ c6d6a77 go.mod: Update some dependencies
    โฌ‡๏ธ 2a5599e go.mod: Upgrade and downgrade smallstep, quic-go, and cpuid
    โฌ†๏ธ 3ee663d go.mod: Upgrade dependencies
    997ef52 go.mod: Use v0.15(.1) of smallstep libs
    6f73a35 httpcaddyfile: Add compression to http transport config (#3624)
    584eba9 httpcaddyfile: Allow named matchers in route blocks (#3632)
    ff19bdd httpcaddyfile: Avoid repeated subjects in APs (fix #3618)
    8b80a32 httpcaddyfile: Bring enforce_origin and origins to admin config (#3595)
    fe27f9c httpcaddyfile: Disallow args on route/handle directive family (#3740)
    e3324aa httpcaddyfile: Ensure handle_path is sorted equally to handle (#3676)
    ๐Ÿ“œ be6daa5 httpcaddyfile: Fix panic when parsing route with matchers (#3746)
    0afbab8 httpcaddyfile: Improve directive sorting logic (#3658)
    4217217 httpcaddyfile: Properly record whether we added catch-all conn policy
    7bfe5b6 httpcaddyfile: Reorder automation policy logic (close #3550)
    ๐Ÿฑ eda54c2 logging: โš ๏ธ Deprecate logfmt encoder
    ๐ŸŒฒ 309c1fe logging: Implement Caddyfile support for filter encoder (#3578)
    f197cec metrics: Always track method label in uppercase (#3742)
    d16ede3 metrics: Fix hidden panic while observing with bad exemplars (#3733)
    b1d456d metrics: Fix panic when headers aren't written (#3737)
    8ec51bb metrics: Initial integration of Prometheus metrics (#3709)
    6cea1f2 push: Implement HTTP/2 server push (#3573)
    904f149 reverse_proxy: fix bidirectional streams with encodings (fix #3606) (#3620)
    e9b1d7d reverse_proxy: flush HTTP/2 response when ContentLength is unknown (#3561)
    724b74d reverseproxy: Abort active health checks on context cancellation
    4cd7ae3 reverseproxy: Add buffer_requests option to reverse_proxy directive (#3710)
    ๐Ÿ‘ bd9d796 reverseproxy: add support for custom DNS resolver (#3479)
    bc453fa reverseproxy: Correct alternate port for active health checks (#3693)
    d55d50b reverseproxy: Enforce port range size of 1 at provision (#3695)
    ๐Ÿ“œ 19cc2bd reverseproxy: Fix Caddyfile parsing for empty non-http transports (#3576)
    0๏ธโƒฃ c94f5bb reverseproxy: Make default buffer size const
    ๐Ÿ›  e2f913b reverseproxy: Minor fixes and cleanup
    โช 246a31a reverseproxy: Restore request's original host and header (fix #3509)
    ๐Ÿ‘ fc65320 reverseproxy: Support header selection policy on Host field (#3653)
    c358200 templates: Disable hard wraps in Markdown rendering (#3553)
    a2dae1d templates: Fix front matter closing fence search
    2bc30bb templates: Implement placeholders function (#3324)