diff --git a/src/docs/markdown/caddyfile/directives/basic_auth.md b/src/docs/markdown/caddyfile/directives/basic_auth.md index 0cad09c..3ac0b7a 100644 --- a/src/docs/markdown/caddyfile/directives/basic_auth.md +++ b/src/docs/markdown/caddyfile/directives/basic_auth.md @@ -21,7 +21,7 @@ Prior to v2.8.0, this directive was named `basicauth`, but was renamed for consi ```caddy-d basic_auth [] [ []] { - [] + ... } ``` @@ -34,8 +34,6 @@ basic_auth [] [ []] { - **<hashed_password>** is the password hash. -- **<salt_base64>** is the base-64 encoding of the password salt, if an external salt is required. This was only needed for the `scrypt` algorithm which is now deprecated. Subject to removal. - ## Examples diff --git a/src/docs/markdown/caddyfile/directives/log.md b/src/docs/markdown/caddyfile/directives/log.md index de474e0..a223476 100644 --- a/src/docs/markdown/caddyfile/directives/log.md +++ b/src/docs/markdown/caddyfile/directives/log.md @@ -54,6 +54,7 @@ When configured, by default all requests to the site will be logged. To conditio - [cookie](#cookie) - [regexp](#regexp) - [hash](#hash) + - [append](#append) - [Examples](#examples) Since Caddy v2.5, by default, headers with potentially sensitive information (`Cookie`, `Set-Cookie`, `Authorization` and `Proxy-Authorization`) will be logged with empty values. This behaviour can be disabled with the [`log_credentials`](/docs/caddyfile/options#log-credentials) global server option. @@ -281,15 +282,15 @@ format json #### filter -Wraps another encoder module, allowing per-field filtering. +Allows per-field filtering. ```caddy-d format filter { - wrap ... fields { ... } ... + wrap ... } ``` @@ -301,6 +302,7 @@ Specifying `wrap` is optional; if omitted, a default is chosen depending on whet As a shortcut, the `fields` block can be omitted and the filters can be specified directly within the `filter` block. + These are the available filters: ##### delete @@ -416,6 +418,26 @@ Useful to obscure the value if it's sensitive, while being able to notice whethe hash ``` +#### append + +Appends field(s) to all log entries. + +```caddy-d +format append { + fields { + + } + + wrap ... +} +``` + +It is most useful for adding information about the Caddy instance that is producing the log entries, possibly via an environment variable. The field values may be global placeholders (e.g. `{env.*}`), but _not_ per-request placeholders due to logs being written outside of the HTTP request context. + +Specifying `wrap` is optional; if omitted, a default is chosen depending on whether the current output module is [`stderr`](#stderr) or [`stdout`](#stdout), and is an interactive terminal, in which case [`console`](#console) is chosen, otherwise [`json`](#json) is chosen. + +The `fields` block can be omitted and the fields can be specified directly within the `append` block. + ## Examples @@ -502,6 +524,22 @@ example.com { ``` +To append a server ID from an environment variable to all log entries, and chain it with a `filter` to delete a header: + +```caddy +example.com { + log { + format append { + server_id {env.SERVER_ID} + wrap filter { + request>headers>Cookie delete + } + } + } +} +``` + + To write separate log files for each subdomain in a [wildcard site block](/docs/caddyfile/patterns#wildcard-certificates), by overriding `hostnames` for each logger. This uses a [snippet](/docs/caddyfile/concepts#snippets) to avoid repetition: ```caddy diff --git a/src/docs/markdown/caddyfile/directives/vars.md b/src/docs/markdown/caddyfile/directives/vars.md index 23a24a4..36f8af9 100644 --- a/src/docs/markdown/caddyfile/directives/vars.md +++ b/src/docs/markdown/caddyfile/directives/vars.md @@ -8,6 +8,9 @@ Sets one or more variables to a particular value, to be used later in the reques The primary way to access variables is with placeholders, which have the form `{vars.variable_name}`, or with the [`vars`](/docs/caddyfile/matchers#vars) and [`vars_regexp`](/docs/caddyfile/matchers#vars_regexp) request matchers. +As a special case, it's possible to override the variable named `http.auth.user.id`, which is stored in the replacer, to update the `user_id` field in access logs. + + ## Syntax ```caddy-d diff --git a/src/docs/markdown/command-line.md b/src/docs/markdown/command-line.md index 8e9c12b..90196d1 100644 --- a/src/docs/markdown/command-line.md +++ b/src/docs/markdown/command-line.md @@ -247,8 +247,7 @@ Formats or prettifies a Caddyfile, then exits. The result is printed to stdout u 
caddy hash-password
 	[-p, --plaintext <password>]
-	[-a, --algorithm <name>]
-	[-s, --salt <string>]
+ [-a, --algorithm <name>] Convenient way to hash a plaintext password. The resulting hash is written to stdout as a format usable directly in your Caddy config. @@ -256,10 +255,6 @@ Convenient way to hash a plaintext password. The resulting hash is written to st `--algorithm` may be `bcrypt` or any installed hash algorithm. Default is `bcrypt`. -`--salt` is used only if the algorithm requires an external salt (like `scrypt`). - -Note that `scrypt` is deprecated. Please use `bcrypt` instead. -