Caddy v2.3.0-beta.1 Release Notes
Release Date: 2020-11-30
🚀 Caddy 2.3 beta 1 is the first pre-release for Caddy 2.3! Please help test it in appropriate staging/test environments, and low-risk production environments. Major features and improvements include:
👍 Multi-issuer support. Caddy can now get certificates from multiple issuers for redundancy; if one fails, another will be tried. Caddy's new defaults are Let's Encrypt and ZeroSSL. Caddy is the first web server to support multiple issuers, offering unrivaled reliability for your site's HTTPS. It is the first ACME client to support multiple CA fallbacks.
👌 Improved on-demand TLS. On-demand TLS is where certificate obtain/renew operations are triggered on a TLS handshake that requires them. We've moved a lot of the processing to the background where possible (e.g. when an existing certificate is still usable) so more connections will finish their handshakes faster, and fewer handshakes will fail (however, you still need to watch the logs and fix the errors before it's too late).
👌 Support for alternate certificate chains. You can now customize which certificate chains to download from ACME servers that offer more than one.
map handler is ready for production use. It's been in Caddy for a few versions now but it's finally ready for production, with enhanced efficiency and functionality. It will be added to the documentation shortly. We have been using this handler with a customer in production for a while now, on an instance that is handling thousands of sites.
Customize servers and listeners with the Caddyfile. The Caddyfile structure is oriented around sites for convenience, so customizing servers has not been possible until now. You can now use global options to configure servers and their listeners (for example, protocol options, socket read options, and more) without having to use JSON config.
🚀 This release also contains numerous bug fixes and other enhancements. Please help test it and report any issues with as much detail and simplification as you can. Thank you!
🚀 This release is the work of at least 16 contributors.
c5197f5 acme_server: fix reload of acme database (#3874)
06ba006 acme_server: switch to bbolt storage (#3868)
7a3d9d8 basicauth: Minor internal improvements (#3861)
937ec34 caddyauth: Prevent user enumeration by timing
✅ c6dec30 caddyfile: Add support for env var defaults; add tests (#3682)
4fc5707 caddyhttp: Fix header matcher when using nil
🔀 966d5e6 caddyhttp: Merge header matchers in Caddyfile (#3832)
🔀 b4f49e2 caddyhttp: Merge query matchers in Caddyfile (#3839)
0️⃣ 1438e4d caddyhttp: New idle_timeout default of 5m
349457c caddyhttp: Return error if error handling error
🔧 b0f8fc7 caddytls: Configure trusted CAs from PEM files (#3882)
👍 95af426 caddytls: Support ACME alt cert chain preferences
👍 13781e6 caddytls: Support multiple issuers (#3862)
👍 eda9a1b fastcgi: Add timeouts support to Caddyfile adapter (#3842)
🌲 7d7434c fileserver: Add debug logging
8d038ca fileserver: Improve and clarify file hiding logic (#3844)
0a7721d fileserver: Preserve transformed root (fix #3838)
⚡️ b6e96d6 go.mod: Update CertMagic
⚡️ 1e480b8 go.mod: update quic-go to v0.19.2 (#3880)
📜 a26f70a headers: Fix Caddyfile parsing with request matcher (#3892)
0️⃣ b0d5c2c headers: Support default header values in Caddyfile with '?' (#3807)
7c28ecb httpcaddyfile: Add certificate_pem placeholder short, add to godoc (#3846)
🔧 3cfefeb httpcaddyfile: Configure servers via global options (#3836)
🏁 03d853e httpcaddyfile: Fix test on Windows
b6686a5 httpcaddyfile: Improve AP logic with OnDemand
🌲 63afffc httpcaddyfile: Proper log config with catch-all blocks (fix #3878)
db4f1c0 httpcaddyfile: Revise automation policy generation (#3824)
🌲 dd26875 logging: Fix for IP filtering
👍 670b723 requestbody: Add Caddyfile support (#3859)
99b8f44 reverse_proxy: Fix random_choose selection policy (#3811)
4a641f6 reverseproxy: Add Caddyfile scheme shorthand for h2c (#3629)
b660993 reverseproxy: Add max_idle_conns_per_host; fix godocs (#3829)
53aa60a reverseproxy: Handle "operation was canceled" errors (#3816)
6e0849d reverseproxy: Implement cookie hash selection policy (#3809)
⬆️ 9605853 reverseproxy: Logging for streaming and upgrades (#3689)
860cc6a reverseproxy: Wire up some http transport options in Caddyfile (#3843)
c9fdff9 reverseproxy: caddyfile: Don't add port if upstream has placeholder (#3819)
6ea6f3e reverseproxy: fix random hangs on http/2 requests with server push (#3875)
Previous changes from v2.2.1
🚀 This patch release contains a number of bug fixes. Thanks for the reports and the help in debugging them!
🌲 8515267 admin: lower log level to Debug for /metrics requests (#3749)
👍 a33e4b5 caddyfile: Add support for
⏪ 385adf5 caddyhttp: Restore original request params before error handlers (#3781)
0️⃣ 0fc47e8 map: Apply default if mapped output is nil
🛠 ef8a372 map: Bug fixes; null literal with hyphen in Caddyfile
⚡️ 25d2b4b map: Reimplement; multiple outputs; optimize
dadfe19 metrics: fix handler to not run the next route (#3769)
3b9eae7 reverseproxy: Change 500 error to 502 for lookup_srv config (#3771)
c7efb03 reverseproxy: Fix dial placeholders, SRV, active health checks (#3780)
fdfdc03 reverseproxy: Ignore RFC 1521 params in Content-Type header (#3758)
6722426 reverseproxy: allow no port for SRV; fix regression in d55d50b (#3756)
0️⃣ aa9c3eb reverseproxy: default to port 80 for upstreams in Caddyfile (#3772)