Happy New Year! We're pleased to release Caddy 2.9. Aside from some minor new features, this release is mainly focused on refinements and bug fixes in many areas, including:
- Config loading
- Events
- Logging
- Placeholders
- Reverse proxy and HTTP server performance
- Matchers
- HTTP (esp. HTTP/3)
- Metrics (per-host metrics)
- Security
- TLS automation & ACME ARI
We realize there is extensive interest in Encrypted Client Hello (ECH) and post-quantum ciphers. These are slated to be supported in Go 1.24, which is scheduled for a stable release in approximately February. Compiling Caddy is quite common given our plugin ecosystem, and we did not want to force users to install pre-release, non-stock versions of Go just to do so, even though the RCs are quite stable and production-ready. We anticipate a Caddy 2.10 release in the near future with these capabilities, built on Go 1.24.
We hope you will enjoy the 2.9 release. Thanks to all contributors, bug reporters, and helpers, and those organizations which deployed pre-release versions to production to help verify patches and features.
Changelog
- [ef4e02] caddyfile: Fix comma edgecase in address parsing (#6616)
- [b116dc] caddyhttp: Add `{?query}` placeholder (#6714)
- [c216cf] caddyhttp: Allow matching Transfer-Encoding, add to access logs (#6629)
- [197c56] caddyhttp: Set default ReadHeaderTimeout (1 min)
- [09b2cb] caddyhttp: Add `MatchWithError` to replace SetVar hack (#6596)
- [c6f297] caddyhttp: Close http3 server gracefully (#6213)
- [88fd5f] caddyhttp: Use internal issuer for IPs when no APs configured
- [5c8dc3] caddytls: Allow disabling storage cleaning, avoids writing two files (#6593)
- [d7564d] caddytls: Drop `rate_limit` and `burst`, has been deprecated (#6611)
- [d39889] cmd: Allow `add-package` to select version of package (#6665)
- [66c80c] cmd: Disable go1.23 tlskyber=1 experiment
- [fb7279] cmd: Reject multiple configs for fmt command (#6717)
- [b3ce26] cmd: ignore missing keys during storage export (#6697)
- [0182fb] core: addresses.go funcs renames (#6622)
- [e76405] core: Change ListenerFunc signature (#6651)
- [315715] core: Implement FastAbs to avoid repeated os.Getwd calls (#6687)
- [d0e209] encode: good defaults (#6737)
- [5ba1e0] encode: try to use sendfile when compression is not used (#6749)
- [bcaa8a] encode: write status immediate for success response for CONNECT requests (#6738)
- [1d1565] events: Use `WithLazy` to prevent eager serialization of the event data (#6671)
- [6790c0] fastcgi: check for CONTENT_LENGTH when sending requests (#6661)
- [eddbcc] fastcgi: remove dir redirection when useless in php_fastcgi (#6698)
- [efd925] fileserver: Add `first_exist_fallback` strategy for `try_files` (#6699)
- [d0123b] fileserver: Fix policy `Validate()` oversight (#6727)
- [290cfe] fileserver: add a test for precompressed defaults (#6743)
- [5c2617] fileserver: good default for precompressed (#6736)
- [cc23ad] fileserver: Add `file_limit` option for browse (to be experimental) (#6648)
- [350ad3] fileserver: Fix Caddyfile parsing
- [9753c4] fileserver: fix try_policy when instantiating file matcher from CEL (#6624)
- [05cfb1] forwardauth: Skip copying missing response headers (#6608)
- [ed1c59] go.mod: Upgrade ACMEz to v3; and upgrade CertMagic
- [3f3f8b] go.mod: Upgrade CertMagic to v0.21.5
- [91e341] go.mod: upgrade only some otel deps (#6676)
- [22b9d5] go.mod: Upgrade quic-go to 0.48.2
- [b129ed] httpcaddyfile: Fixes for `prefer_wildcard` mode (#6636)
- [afa778] httpcaddyfile: Implement experimental `force_automate` option (#6712)
- [b183ae] httpcaddyfile: Implement log `sampling` config (#6682)
- [1d106f] metrics: add `go` and `process` collectors (#6704)
- [388c7e] metrics: move `metrics` up, outside `servers` (#6606)
- [8c3dd3] requestbody: Type-based error handling for `MaxBytesError` (#6701)
- [5e6024] reverseproxy: Fix log message
- [48ce47] reverseproxy: Use correct cases for websocket related headers (#6621)
- [825fe4] reverseproxy: Allow `0` as weights for `weighted_round_robin` (#6681)
- [328fb6] reverseproxy: Only handle websocket protocol (#6740)
- [238f11] reverseproxy: Revert [#4952] - don't ignore context cancellation in stream mode
- [9c0c71] reverseproxy: Rewrite requests and responses for websocket over http2 (#6567)
- [c864b8] reverseproxy: Set Content-Length when body is fully buffered (#6638)
- [fbf0f4] reverseproxy: Sync changes from stdlib for 1xx handling (#6656)
- [5823ec] rewrite: Don't add / in Caddyfile, do it after replacer (#6662)
- [b44319] sigtrap: always ignore SIGPIPE (#6645)
- [f2c17d] testing: sort force-automated hosts (#6756)
- [669fc4] tracing: Add `spanID` field to access logs and `http.vars.span_id` placeholder (#6646)
What's Changed
- Make it possible to configure the `DisableStorageCheck` setting for certmagic by @ankon in https://github.com/caddyserver/caddy/pull/6368
- caddyhttp: Add test case to corpus by @mholt in https://github.com/caddyserver/caddy/pull/6374
- cmd: remove zealous check of Caddyfile auto-detection by @mohammed90 in https://github.com/caddyserver/caddy/pull/6370
- ci: upgrade to goreleaser v2 by @mohammed90 in https://github.com/caddyserver/caddy/pull/6376
- logging: Allow setting log file permissions by @ririsoft in https://github.com/caddyserver/caddy/pull/6314
- Split `run` into a public `BuildContext` and a private part by @ankon in https://github.com/caddyserver/caddy/pull/6378
- Write the header if none had been written in WriteResponse by @ankon in https://github.com/caddyserver/caddy/pull/6380
- fix file mode configuration parsing by @ririsoft in https://github.com/caddyserver/caddy/pull/6383
- go.mod: update tscert package by @willnorris in https://github.com/caddyserver/caddy/pull/6384
- logging: Customizable `zapcore.Core` by @kkroo in https://github.com/caddyserver/caddy/pull/6381
- logging: set file mode when the file already exist. by @ririsoft in https://github.com/caddyserver/caddy/pull/6391
- caddyfile: Pass blocks to `import` for snippets by @elee1766 in https://github.com/caddyserver/caddy/pull/6130
- reverseproxy: add Max-Age option to sticky cookie by @JasonYuan869 in https://github.com/caddyserver/caddy/pull/6398
- fileserver: Remove newline characters from precomputed etags by @armadi1809 in https://github.com/caddyserver/caddy/pull/6394
- fix: http.intercept.header.* placeholders by @dunglas in https://github.com/caddyserver/caddy/pull/6429
- reverseproxy: Only log host is up status on change by @klaxa in https://github.com/caddyserver/caddy/pull/6419
- fix: don't compress already compressed fonts by @dunglas in https://github.com/caddyserver/caddy/pull/6432
- caddyhttp: Reject 0-RTT early data in IP matchers and set Early-Data header when proxying by @mholt in https://github.com/caddyserver/caddy/pull/6427
- reverseproxy: Add placeholder for host in active health check headers by @francislavoie in https://github.com/caddyserver/caddy/pull/6440
- browse: add Content-Security-Policy w/ nonce by @steffenbusch in https://github.com/caddyserver/caddy/pull/6425
- browse: fix Content-Security-Policy warnings in Firefox by @steffenbusch in https://github.com/caddyserver/caddy/pull/6443
- fileserver: Exclude symlink target size from total, show arrow on size by @francislavoie in https://github.com/caddyserver/caddy/pull/6412
- reverseproxy: Fix dynamic upstreams ip version by @armadi1809 in https://github.com/caddyserver/caddy/pull/6448
- reverseproxy: Add placeholder for networkAddr in active health check headers by @dylanschultzie in https://github.com/caddyserver/caddy/pull/6450
- Add option to set which HTTP method to use for active health checks by @jbro in https://github.com/caddyserver/caddy/pull/6453
- reverseproxy: Caddyfile support for health_method by @jbro in https://github.com/caddyserver/caddy/pull/6454
- reverseproxy: add health_upstream subdirective by @dylanschultzie in https://github.com/caddyserver/caddy/pull/6451
- ci: correct `-tags nobadger` on binary build by @girlbossceo in https://github.com/caddyserver/caddy/pull/6470
- Caddyfile support for TLS handshake matchers by @vnxme in https://github.com/caddyserver/caddy/pull/6461
- Caddyfile support for TLS connection and certificate selection policies by @vnxme in https://github.com/caddyserver/caddy/pull/6462
- chore: update golangci config by @mohammed90 in https://github.com/caddyserver/caddy/pull/6479
- encode: flush already compressed data to the stream by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6471
- proxyprotocol: Update WrapListener to use ConnPolicyFunc for PROXY protocol by @pi-prakhar in https://github.com/caddyserver/caddy/pull/6485
- fileserver: add `sort` options by @lollipopkit in https://github.com/caddyserver/caddy/pull/6468
- go.mod: update quic-go package by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6498
- Runtime placeholders for selected TLS and HTTP matchers by @vnxme in https://github.com/caddyserver/caddy/pull/6480
- replacer: `{file.*}` global placeholder strips trailing newline by @steffenbusch in https://github.com/caddyserver/caddy/pull/6411
- go.mod: update update golang/x/net by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6500
- reverse_proxy: apply keep-alive setting for h2c requests by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6343
- Fix a regression in [#6480]: the context may have no replacer by @vnxme in https://github.com/caddyserver/caddy/pull/6510
- caddyhttp: Export PrivateRangesCIDR() for plugins after [#6480] by @vnxme in https://github.com/caddyserver/caddy/pull/6514
- ignore exec.ErrDot when starting caddy in background by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6512
- ci: don't exit early on error in remote CI machine by @mohammed90 in https://github.com/caddyserver/caddy/pull/6519
- reverseproxy: Active health checks request body option by @jbro in https://github.com/caddyserver/caddy/pull/6520
- reverseproxy: Change logs for write errors to warn level by @jum in https://github.com/caddyserver/caddy/pull/6532
- cmd: Use a factory to create the caddy root command by @elee1766 in https://github.com/caddyserver/caddy/pull/6533
- chore: Fix a typo by @sunnyagain in https://github.com/caddyserver/caddy/pull/6534
- error: run `error` (msg) through replacer by @mohammed90 in https://github.com/caddyserver/caddy/pull/6536
- reverseproxy: allow user to define source address by @mohammed90 in https://github.com/caddyserver/caddy/pull/6504
- chore: build and test with Go 1.23 by @dunglas in https://github.com/caddyserver/caddy/pull/6526
- tls: use Go default kex for the moment that include PQC by @bwesterb in https://github.com/caddyserver/caddy/pull/6542
- ci: prepare syso files for windows embedding in release by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6406
- Performance: Prevents the zap logger from serializing the request in rewrite.go. by @AlliBalliBaba in https://github.com/caddyserver/caddy/pull/6541
- fileserver: move `sort` to `browse` by @lollipopkit in https://github.com/caddyserver/caddy/pull/6502
- reverse_proxy: add placeholder http.reverse_proxy.retries by @steffenbusch in https://github.com/caddyserver/caddy/pull/6553
- fix(#6551): Unexpected behaviour if caddyhttp.Route is provisioned twice by @jbro in https://github.com/caddyserver/caddy/pull/6558
- caddytls: Add sni_regexp matcher by @vnxme in https://github.com/caddyserver/caddy/pull/6569
- rewrite: Avoid panic on bad arg count for `uri` by @mister-turtle in https://github.com/caddyserver/caddy/pull/6571
- perf: use zap's Check() to prevent useless allocs by @dunglas in https://github.com/caddyserver/caddy/pull/6560
- ci: update the linter action version by @mohammed90 in https://github.com/caddyserver/caddy/pull/6575
- update quic-go to v0.47.0 by @marten-seemann in https://github.com/caddyserver/caddy/pull/6582
- quic: enable qlog, controlled by QLOGDIR env by @marten-seemann in https://github.com/caddyserver/caddy/pull/6581
- caddytls: Give a better error message when given encrypted private keys by @francislavoie in https://github.com/caddyserver/caddy/pull/6591
- chore: Use slices package where possible by @francislavoie in https://github.com/caddyserver/caddy/pull/6585
- caddyhttp: Optimize logs using zap's WithLazy() by @AlliBalliBaba in https://github.com/caddyserver/caddy/pull/6590
- doc: remove docs of deprecated directives by @mohammed90 in https://github.com/caddyserver/caddy/pull/6566
- Implement issue [#6296] passing FDs / socket activation by @MayCXC in https://github.com/caddyserver/caddy/pull/6573
- caddyhttp: Fix listener wrapper regression from [#6573] by @MayCXC in https://github.com/caddyserver/caddy/pull/6599
- chore: Adjust incorrect `reverse_proxy` Caddyfile comment by @francislavoie in https://github.com/caddyserver/caddy/pull/6598
- http: ReponseWriter prefer ReadFrom if available by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6565
- caddytls: Support new tls.context module by @mholt in https://github.com/caddyserver/caddy/pull/6369
- Better errors when reloading by @mholt in https://github.com/caddyserver/caddy/pull/6601
- caddyhttp: Escaping placeholders in CEL, add `vars` and `vars_regexp` by @francislavoie in https://github.com/caddyserver/caddy/pull/6594
- autohttps: Implement `auto_https prefer_wildcard` option by @francislavoie in https://github.com/caddyserver/caddy/pull/6146
- metrics: scope metrics to active config, add optional per-host metrics by @mohammed90 in https://github.com/caddyserver/caddy/pull/6531
- ci: install xcaddy to fix release flow by @mohammed90 in https://github.com/caddyserver/caddy/pull/6602
- caddytls: Drop `rate_limit` and `burst`, has been deprecated by @francislavoie in https://github.com/caddyserver/caddy/pull/6611
- tests: Fix adapt test warning by @mohammed90 in https://github.com/caddyserver/caddy/pull/6619
- docs: expand proxy protocol docs by @mohammed90 in https://github.com/caddyserver/caddy/pull/6620
- caddyfile: Fix comma edgecase in address parsing by @francislavoie in https://github.com/caddyserver/caddy/pull/6616
- reverseproxy: Use correct cases for websocket related headers by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6621
- chore: update quic-go to v0.48.0 by @marten-seemann in https://github.com/caddyserver/caddy/pull/6627
- caddyhttp: Close http3 server gracefully by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6213
- metrics: move `metrics` up, outside `servers` by @mohammed90 in https://github.com/caddyserver/caddy/pull/6606
- fix: always ignore SIGPIPE by @dunglas in https://github.com/caddyserver/caddy/pull/6645
- fileserver: fix try_policy when instantiating file matcher from CEL by @effleurager in https://github.com/caddyserver/caddy/pull/6624
- chore: fix some function names in comment by @davidwoood in https://github.com/caddyserver/caddy/pull/6650
- core: addresses.go funcs renames by @MayCXC in https://github.com/caddyserver/caddy/pull/6622
- tracing: Add `spanID` field to access logs and `http.vars.span_id` placeholder by @YifanYang6 in https://github.com/caddyserver/caddy/pull/6646
- reverseproxy: Sync changes from stdlib for 1xx handling by @francislavoie in https://github.com/caddyserver/caddy/pull/6656
- chore: Bump quic-go to 0.48.1, fixing a panic by @francislavoie in https://github.com/caddyserver/caddy/pull/6654
- chore: compile without nosql's support for Postgres and MySQL by @dunglas in https://github.com/caddyserver/caddy/pull/6655
- cmd: Allow `add-package` to select version of package by @Botelho31 in https://github.com/caddyserver/caddy/pull/6665
- httpcaddyfile: Fixes for `prefer_wildcard` mode by @francislavoie in https://github.com/caddyserver/caddy/pull/6636
- Use `WithLazy` to prevent eager serialization of the event data by @ankon in https://github.com/caddyserver/caddy/pull/6671
- forwardauth: Skip copying missing response headers by @francislavoie in https://github.com/caddyserver/caddy/pull/6608
- caddyhttp: Add `MatchWithError` to replace SetVar hack by @francislavoie in https://github.com/caddyserver/caddy/pull/6596
- go.mod: upgrade only some otel deps by @mohammed90 in https://github.com/caddyserver/caddy/pull/6676
- fileserver: Add `file_limit` option for browse by @atakanyenel in https://github.com/caddyserver/caddy/pull/6648
- rewrite: Don't add `/` in Caddyfile, do it after replacer by @francislavoie in https://github.com/caddyserver/caddy/pull/6662
- caddytls: Allow disabling storage cleaning, avoids writing two files by @francislavoie in https://github.com/caddyserver/caddy/pull/6593
- ci: use commit sha in goreleaser-check by @mohammed90 in https://github.com/caddyserver/caddy/pull/6677
- reverseproxy: Allow `0` as weights for `weighted_round_robin` by @suciptoid in https://github.com/caddyserver/caddy/pull/6681
- httpcaddyfile: Implement log `sampling` config by @nikonhub in https://github.com/caddyserver/caddy/pull/6682
- core: Implement FastAbs to avoid repeated os.Getwd calls by @francislavoie in https://github.com/caddyserver/caddy/pull/6687
- chore: Add `provides` to `.deb` releases by @francislavoie in https://github.com/caddyserver/caddy/pull/6691
- chore: make FastAbs comment easier to understand by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6692
- cmd: ignore missing keys during storage export by @santhoshTpixler in https://github.com/caddyserver/caddy/pull/6697
- perf: remove dir redirection when useless in php_fastcgi by @dunglas in https://github.com/caddyserver/caddy/pull/6698
- requestbody: Type-based error handling for `MaxBytesError` by @rishitashaw in https://github.com/caddyserver/caddy/pull/6701
- metrics: add `go` and `process` collectors by @mohammed90 in https://github.com/caddyserver/caddy/pull/6704
- ci: prevent jobs running on PRs from forks by @mohammed90 in https://github.com/caddyserver/caddy/pull/6720
- caddyhttp: Add `{?query}` placeholder by @francislavoie in https://github.com/caddyserver/caddy/pull/6714
- fileserver: Add `first_exist_fallback` strategy for `try_files` by @dunglas in https://github.com/caddyserver/caddy/pull/6699
- cmd: `fmt` prevents multiple files passed as args, add support for `--config` by @armadi1809 in https://github.com/caddyserver/caddy/pull/6717
- fileserver: Fix policy `Validate()` oversight by @francislavoie in https://github.com/caddyserver/caddy/pull/6727
- chore: bump golang.org/x/net to v0.32.0 by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6728
- reverseproxy: Rewrite requests and responses for websocket over http2 by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6567
- chore: fix some typo in HTTPLoader comment by @jpadilla in https://github.com/caddyserver/caddy/pull/6735
- feat: good default for file_server.precompressed by @dunglas in https://github.com/caddyserver/caddy/pull/6736
- test: add a test for precompressed defaults by @dunglas in https://github.com/caddyserver/caddy/pull/6743
- feat: good default for encode by @dunglas in https://github.com/caddyserver/caddy/pull/6737
- encode: write status immediate for success response for CONNECT requests by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6738
- reverseproxy: Only handle extended connect for websockets by @bt90 in https://github.com/caddyserver/caddy/pull/6740
- core: Change getListenerFromPlugin signature by @MayCXC in https://github.com/caddyserver/caddy/pull/6651
- reverseproxy: Set `Content-Length` when body is fully buffered by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6638
- fastcgi: check for CONTENT_LENGTH when sending requests by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6661
- caddyhttp: Allow matching Transfer-Encoding, add to access logs by @francislavoie in https://github.com/caddyserver/caddy/pull/6629
- encode: try to use sendfile when compression is not used by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6749
- httpcaddyfile: Implement `force_automate` by @francislavoie in https://github.com/caddyserver/caddy/pull/6712
- testing: sort force-automated hosts by @mohammed90 in https://github.com/caddyserver/caddy/pull/6756
New Contributors
- @ririsoft made their first contribution in https://github.com/caddyserver/caddy/pull/6314
- @JasonYuan869 made their first contribution in https://github.com/caddyserver/caddy/pull/6398
- @klaxa made their first contribution in https://github.com/caddyserver/caddy/pull/6419
- @dylanschultzie made their first contribution in https://github.com/caddyserver/caddy/pull/6450
- @jbro made their first contribution in https://github.com/caddyserver/caddy/pull/6453
- @girlbossceo made their first contribution in https://github.com/caddyserver/caddy/pull/6470
- @vnxme made their first contribution in https://github.com/caddyserver/caddy/pull/6461
- @pi-prakhar made their first contribution in https://github.com/caddyserver/caddy/pull/6485
- @lollipopkit made their first contribution in https://github.com/caddyserver/caddy/pull/6468
- @sunnyagain made their first contribution in https://github.com/caddyserver/caddy/pull/6534
- @AlliBalliBaba made their first contribution in https://github.com/caddyserver/caddy/pull/6541
- @mister-turtle made their first contribution in https://github.com/caddyserver/caddy/pull/6571
- @MayCXC made their first contribution in https://github.com/caddyserver/caddy/pull/6573
- @effleurager made their first contribution in https://github.com/caddyserver/caddy/pull/6624
- @davidwoood made their first contribution in https://github.com/caddyserver/caddy/pull/6650
- @YifanYang6 made their first contribution in https://github.com/caddyserver/caddy/pull/6646
- @Botelho31 made their first contribution in https://github.com/caddyserver/caddy/pull/6665
- @atakanyenel made their first contribution in https://github.com/caddyserver/caddy/pull/6648
- @suciptoid made their first contribution in https://github.com/caddyserver/caddy/pull/6681
- @nikonhub made their first contribution in https://github.com/caddyserver/caddy/pull/6682
- @santhoshTpixler made their first contribution in https://github.com/caddyserver/caddy/pull/6697
- @rishitashaw made their first contribution in https://github.com/caddyserver/caddy/pull/6701
- @jpadilla made their first contribution in https://github.com/caddyserver/caddy/pull/6735
Full Changelog: https://github.com/caddyserver/caddy/compare/v2.8.4...v2.9.0