mirror of
https://github.com/caddyserver/website.git
synced 2025-04-24 14:06:17 -04:00
Update docs for 2.6
This commit is contained in:
Matthew Holt
parent
c67668615e
commit
2ab3061111
12 changed files with 158 additions and 78 deletions
|
|
@ -19,15 +19,15 @@ After a successful authentication, the `{http.auth.user.id}` placeholder will be
|
|||
|
||||
```caddy-d
|
||||
basicauth [<matcher>] [<hash_algorithm> [<realm>]] {
|
||||
<username> <hashed_password_base64> [<salt_base64>]
|
||||
<username> <hashed_password> [<salt_base64>]
|
||||
...
|
||||
}
|
||||
```
|
||||
|
||||
- **<hash_algorithm>** is the name of the password hashing algorithm (or KDF) used for the hashes in this configuration. Can be `bcrypt` (default) or `scrypt`.
|
||||
- **<hash_algorithm>** is the name of the password hashing algorithm (or KDF) used for the hashes in this configuration. Default: `bcrypt`
|
||||
- **<realm>** is a custom realm name.
|
||||
- **<username>** is a username or user ID.
|
||||
- **<hashed_password_base64>** is the base-64 encoding of the hashed password.
|
||||
- **<hashed_password>** is the password hash.
|
||||
- **<salt_base64>** is the base-64 encoding of the password salt, if an external salt is required.
|
||||
|
||||
|
||||
|
|
@ -37,7 +37,7 @@ Protect all resources in /secret so only Bob can access them with the password "
|
|||
|
||||
```caddy-d
|
||||
basicauth /secret/* {
|
||||
Bob JDJhJDEwJEVCNmdaNEg2Ti5iejRMYkF3MFZhZ3VtV3E1SzBWZEZ5Q3VWc0tzOEJwZE9TaFlZdEVkZDhX
|
||||
Bob $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx4IjWJPDhjvG
|
||||
}
|
||||
```
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ A static file server that supports real and virtual file systems. It forms file
|
|||
|
||||
By default, it enforces canonical URIs; meaning HTTP redirects will be issued for requests to directories that do not end with a trailing slash (to add it) or requests to files that have a trailing slash (to remove it). Redirects are not issued, however, if an internal rewrite modifies the last element of the path (the filename).
|
||||
|
||||
Most often, the `file_server` directive is paired with the [`root`](/docs/caddyfile/directives/root) directive to set file root for the whole site. A site root does not carry sandbox guarantees: the file server does prevent directory traversal, but symbolic links within the root can still allow accesses outside of the root.
|
||||
Most often, the `file_server` directive is paired with the [`root`](/docs/caddyfile/directives/root) directive to set the file root for the whole site, but this directive also has a `root` subdirective (below) to set the root only for this handler if preferred. Note that a site root does not carry sandbox guarantees: the file server does prevent directory traversal from path components, but symbolic links within the root can still allow accesses outside of the root.
|
||||
|
||||
## Syntax
|
||||
|
||||
|
|
@ -27,8 +27,8 @@ file_server [<matcher>] [browse] {
|
|||
```
|
||||
|
||||
- **browse** enables file listings for requests to directories that do not have an index file.
|
||||
- **fs** specifies an alternate (perhaps virtual) file system to use. Any Caddy module in the `caddy.fs` namespace can be used here as long as it supports [`Stat()` calls](https://pkg.go.dev/io/fs#StatFS). Any root path/prefix will still apply to alternate file system modules. By default, the local disk is used.
|
||||
- **root** sets the path to the site root. It's similar to the [`root`](/docs/caddyfile/directives/root) directive except it applies to this file server instance only and overrides any other site root that may have been defined. Default: `{http.vars.root}` or the current working directory. Note: This subdirective only changes the root for this directive. For other directives (like [`try_files`](/docs/caddyfile/directives/try_files) or [`templates`](/docs/caddyfile/directives/templates)) to know the same site root, use the [`root`](/docs/caddyfile/directives/root) directive, not this subdirective.
|
||||
- **fs** specifies an alternate (perhaps virtual) file system to use. Any Caddy module in the `caddy.fs` namespace can be used here. Any root path/prefix will still apply to alternate file system modules. By default, the local disk is used.
|
||||
- **root** sets the path to the site root. It's similar to the [`root`](/docs/caddyfile/directives/root) directive except it applies to this file server instance only and overrides any other site root that may have been defined. Default: `{http.vars.root}` or the current working directory. Note: This subdirective only changes the root for this handler. For other directives (like [`try_files`](/docs/caddyfile/directives/try_files) or [`templates`](/docs/caddyfile/directives/templates)) to know the same site root, use the [`root`](/docs/caddyfile/directives/root) directive, not this subdirective.
|
||||
- **hide** is a list of files or folders to hide; if requested, the file server will pretend they do not exist. Accepts placeholders and glob patterns. Note that these are _file system_ paths, NOT request paths. In other words, relative paths use the current working directory as a base, NOT the site root; and all paths are transformed to their absolute form before comparisons (if possible). Specifying a file name or pattern without a path separator will hide all files with a matching name regardless of its location; otherwise, a path prefix match will be attempted, and then a globular match. Since this is a Caddyfile config, the active configuration file(s) will be added by default.
|
||||
- **index** is a list of filenames to look for as index files. Default: `index.html index.txt`
|
||||
- **<template_file>** is an optional custom template file to use for directory listings. Defaults to the template that can be found [here in the source code ](https://github.com/caddyserver/caddy/blob/master/modules/caddyhttp/fileserver/browse.html). Browse templates can use actions from [the standard templates module](/docs/modules/http.handlers.templates#docs) as well.
|
||||
|
|
@ -53,7 +53,7 @@ With file listings enabled:
|
|||
file_server browse
|
||||
```
|
||||
|
||||
Only serve static files out of the `/static` folder:
|
||||
Only serve static files within the `/static` folder:
|
||||
|
||||
```caddy-d
|
||||
file_server /static/*
|
||||
|
|
|
|||
|
|
@ -6,6 +6,8 @@ title: respond (Caddyfile directive)
|
|||
|
||||
Writes a hard-coded/static response to the client.
|
||||
|
||||
If the body is non-empty, this directive sets the `Content-Type` header if it is not already set. The default value is `text/plain; utf-8` unless the body is a valid JSON object or array, in which case it is set to `application/json`. For all other types of content, set the proper Content-Type explicitly using the [`header` directive](/docs/caddyfile/directives/header).
|
||||
|
||||
|
||||
## Syntax
|
||||
|
||||
|
|
@ -16,7 +18,7 @@ respond [<matcher>] <status>|<body> [<status>] {
|
|||
}
|
||||
```
|
||||
|
||||
- **<status>** is the HTTP status code to write. Default 200.
|
||||
- **<status>** is the HTTP status code to write. If 103 (Early Hints), the response will be written without a body and the handler chain will continue. (HTTP 1xx responses are informational, not final.) Default: 200.
|
||||
- **<body>** is the response body to write.
|
||||
- **body** is an alternate way to provide a body; convenient if it is multiple lines.
|
||||
- **close** will close the client's connection to the server after writing the response.
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ Proxies requests to one or more backends with configurable transport, load balan
|
|||
- [Dynamic upstreams](#dynamic-upstreams)
|
||||
- [SRV](#srv)
|
||||
- [A/AAAA](#aaaaa)
|
||||
- [Multi](#multi)
|
||||
- [Load balancing](#load-balancing)
|
||||
- [Active health checks](#active-health-checks)
|
||||
- [Passive health checks](#passive-health-checks)
|
||||
|
|
@ -138,6 +139,7 @@ Static upstream addresses can take the form of a conventional [Caddy network add
|
|||
- `h2c://127.0.0.1`
|
||||
- `example.com`
|
||||
- `unix//var/php.sock`
|
||||
- `unix+h2c//var/grpc.sock`
|
||||
|
||||
Note: Schemes cannot be mixed, since they modify the common transport configuration (a TLS-enabled transport cannot carry both HTTPS and plaintext HTTP). Any explicit transport configuration will not be overwritten, and omitting schemes or using other ports will not assume a particular transport.
|
||||
|
||||
|
|
@ -203,6 +205,17 @@ Retrieves upstreams from A/AAAA DNS records.
|
|||
- **dial_fallback_delay** is how long to wait before spawning an RFC 6555 Fast Fallback connection. Default: `300ms`
|
||||
|
||||
|
||||
##### Multi
|
||||
|
||||
Append the results of multiple dynamic upstream modules. Useful if you want redundant sources of upstreams, for example: a primary cluster of SRVs backed up by a secondary cluster of SRVs.
|
||||
|
||||
```caddy-d
|
||||
dynamic multi {
|
||||
<source> [...]
|
||||
}
|
||||
```
|
||||
|
||||
- **<source>** is the name of the module for the dynamic upstreams, followed by its configuration. More than one may be specified.
|
||||
|
||||
### Load balancing
|
||||
|
||||
|
|
@ -441,13 +454,17 @@ transport http {
|
|||
|
||||
- **max_response_header** <span id="max_response_header"/> is the maximum amount of bytes to read from response headers. It accepts all formats supported by [go-humanize](https://github.com/dustin/go-humanize/blob/master/bytes.go). Default: `10MiB`.
|
||||
|
||||
- **dial_timeout** <span id="dial_timeout"/> is how long to wait when connecting to the upstream socket. Accepts [duration values](/docs/conventions#durations). Default: No timeout.
|
||||
- **dial_timeout** <span id="dial_timeout"/> is the maximum [duration](/docs/conventions#durations) to wait when connecting to the upstream socket. Default: No timeout.
|
||||
|
||||
- **dial_fallback_delay** <span id="dial_fallback_delay"/> is how long to wait before spawning an RFC 6555 Fast Fallback connection. A negative value disables this. Accepts [duration values](/docs/conventions#durations). Default: `300ms`.
|
||||
- **dial_fallback_delay** <span id="dial_fallback_delay"/> is the maximum [duration](/docs/conventions#durations) to wait before spawning an RFC 6555 Fast Fallback connection. A negative value disables this. Default: `300ms`.
|
||||
|
||||
- **response_header_timeout** <span id="response_header_timeout"/> is how long to wait for reading response headers from the upstream. Accepts [duration values](/docs/conventions#durations). Default: No timeout.
|
||||
- **response_header_timeout** <span id="response_header_timeout"/> is the maximum [duration](/docs/conventions#durations) to wait for reading response headers from the upstream. Default: No timeout.
|
||||
|
||||
- **expect_continue_timeout** <span id="expect_continue_timeout"/> is how long to wait for the upstreams's first response headers after fully writing the request headers if the request has the header `Expect: 100-continue`. Accepts [duration values](/docs/conventions#durations). Default: No timeout.
|
||||
- **expect_continue_timeout** <span id="expect_continue_timeout"/> is the maximum [duration](/docs/conventions#durations) to wait for the upstreams's first response headers after fully writing the request headers if the request has the header `Expect: 100-continue`. Default: No timeout.
|
||||
|
||||
- **read_timeout** <span id="read_timeout"/> is the maximum [duration](/docs/conventions#durations) to wait for the next read from the backend. Default: No timeout.
|
||||
|
||||
- **write_timeout** <span id="write_timeout"/> is the maximum [duration](/docs/conventions#durations) to wait for the next writes to the backend. Default: No timeout.
|
||||
|
||||
- **resolvers** <span id="resolvers"/> is a list of DNS resolvers to override system resolvers.
|
||||
|
||||
|
|
@ -457,7 +474,7 @@ transport http {
|
|||
|
||||
- **tls_insecure_skip_verify** <span id="tls_insecure_skip_verify"/> turns off TLS handshake verification, making the connection insecure and vulnerable to man-in-the-middle attacks. _Do not use in production._
|
||||
|
||||
- **tls_timeout** <span id="tls_timeout"/> is a [duration value](/docs/conventions#durations) that specifies how long to wait for the TLS handshake to complete. Default: No timeout.
|
||||
- **tls_timeout** <span id="tls_timeout"/> is the maximum [duration](/docs/conventions#durations) to wait for the TLS handshake to complete. Default: No timeout.
|
||||
|
||||
- **tls_trusted_ca_certs** <span id="tls_trusted_ca_certs"/> is a list of PEM files that specify CA public keys to trust when connecting to the backend.
|
||||
|
||||
|
|
@ -476,7 +493,7 @@ transport http {
|
|||
|
||||
- **keepalive** <span id="keepalive"/> is either `off` or a [duration value](/docs/conventions#durations) that specifies how long to keep connections open (timeout). Default: `2m`.
|
||||
|
||||
- **keepalive_interval** <span id="keepalive"/> is a [duration value](/docs/conventions#durations) that specifies how often to probe for liveness. Default: `30s`.
|
||||
- **keepalive_interval** <span id="keepalive"/> is the [duration](/docs/conventions#durations) between liveness probes. Default: `30s`.
|
||||
|
||||
- **keepalive_idle_conns** <span id="keepalive_idle_conns"/> defines the maximum number of connections to keep alive. Default: No limit.
|
||||
|
||||
|
|
|
|||
|
|
@ -10,10 +10,13 @@ Rewrites the request URI path to the first of the listed files which exists in t
|
|||
## Syntax
|
||||
|
||||
```caddy-d
|
||||
try_files <files...>
|
||||
try_files <files...> {
|
||||
policy first_exist|smallest_size|largest_size|most_recently_modified
|
||||
}
|
||||
```
|
||||
|
||||
- **<files...>** is the list of files to try. The URI will be rewritten to the first one that exists. To match directories, append a trailing forward slash `/` to the path. All file paths are relative to the site [root](/docs/caddyfile/directives/root). Each argument may also contain a query string, in which case the query string will also be changed if it matches that particular file. The last item in the list may be a number prefixed by `=` (e.g. `=404`), which as a fallback, will emit an error with that code; the error can be caught and handled with [`handle_errors`](/docs/caddyfile/directives/handle_errors).
|
||||
- **<files...>** is the list of files to try. The URI path will be rewritten to the first one that exists. To match directories, append a trailing forward slash `/` to the path. All file paths are relative to the site [root](/docs/caddyfile/directives/root), and [glob patterns](https://pkg.go.dev/path/filepath#Match) will be expanded. Each argument may also contain a query string, in which case the query string will also be changed if it matches that particular file. The last item in the list may be a number prefixed by `=` (e.g. `=404`), which as a fallback, will emit an error with that code; the error can be caught and handled with [`handle_errors`](/docs/caddyfile/directives/handle_errors).
|
||||
- **policy** is the policy for choosing the file among the list of files. Default: `first_exist`
|
||||
|
||||
|
||||
## Expanded form
|
||||
|
|
@ -55,3 +58,11 @@ Attempt to rewrite to a file or directory if it exists, otherwise emit a 404 err
|
|||
```caddy-d
|
||||
try_files {path} {path}/ =404
|
||||
```
|
||||
|
||||
Choose the most recently deployed version of a static file (e.g. serve `index.be331df.html` when `index.html` is requested):
|
||||
|
||||
```caddy-d
|
||||
try_files {file.base}.*.{file.ext} {
|
||||
policy most_recently_modified
|
||||
}
|
||||
```
|
||||
Loading…
Add table
Add a link
Reference in a new issue