0.8

mholt released this Dec 4, 2015

Caddy 0.8 is the most progressive update we've ever released. We hope you'll enjoy this new version!

New Features

Automatic HTTPS via Let's Encrypt

Every site with a public hostname is served over HTTPS automatically, for free. Caddy works with any ACME-capable certificate authority but uses Let's Encrypt by default. A Caddyfile like this, for example:

mysite.com

root /www/mysite.com
gzip

will serve your site over HTTPS and redirect plain HTTP requests to HTTPS. Caddy will not automatically enable HTTPS for addresses that look like localhost, for addresses given with an explicit http:// scheme, or for sites that have tls off in their configuration. Because certificates are obtained and renewed automatically, the Caddy process must be able to bind the ports needed for issuance (see known issue 2 below).

Caddy stores the generated keys and certificates in the ~/.caddy folder of the user running it. If these assets are already on the file system from a previous run, Caddy will use them when it starts instead of requesting new ones. Protect that folder: it holds your sites' private keys, so it should be readable only by the account Caddy runs as.

With managed TLS, Caddy staples OCSP responses and keeps certificates renewed for you. Renewal restarts Caddy (gracefully, on POSIX systems), so the process ID changes from time to time; be aware of that if you run Caddy under a process manager.

The first time automatic HTTPS is triggered, Caddy will prompt for an email address and/or agreement to CA terms. This only happens once, and the email address is optional (but recommended for account recovery purposes). You can bypass the prompt by using the -email and -agree flags.

Known Issues
  1. Specifying an address like http://example.com disables automatic HTTPS (because of the explicit HTTP scheme), but http://example.com:8080 does not (because the explicit port overrides the scheme), even though it should.
  2. Gracefully reloading Caddy with a new host in the Caddyfile that qualifies for automatic HTTPS and needs a certificate fails (because the ports needed to issue the certificate are already in use); it should reuse the existing listeners the way renewals do.
  3. If even one certificate fails to be obtained, none of the certificates are saved to disk. This is most noticeable when Let's Encrypt rate limiting kicks in. When one certificate fails, the certificates that were obtained should still be saved to disk.

These will be addressed in a patch release coming soon, unless another more serious bug is discovered.
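
The address rules above (and the intended behaviour for known issue 1) as a small Go program. This is an added example written for these notes, not Caddy's own code: what "looks like localhost" means is assumed here to be the literal name localhost, an empty host, or an IP address literal, and the 301 status used by the redirect handler is likewise an assumption; the notes only say that HTTP is redirected to HTTPS.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
)

// SiteAddress is the parsed form of a Caddyfile site label such as
// "mysite.com", "http://example.com" or "example.com:8080".
type SiteAddress struct {
	Scheme string // "http", "https", or "" when the label has none
	Host   string
	Port   string // "" when the label has none
}

// ParseSiteAddress splits a site label into scheme, host and port.
// A label without "://" is treated as an authority, so ":2015" yields
// an empty host and port 2015.
func ParseSiteAddress(label string) (SiteAddress, error) {
	raw := label
	if !strings.Contains(raw, "://") {
		raw = "//" + raw
	}
	u, err := url.Parse(raw)
	if err != nil {
		return SiteAddress{}, err
	}
	host, port := u.Host, ""
	if h, p, err := net.SplitHostPort(u.Host); err == nil {
		host, port = h, p
	}
	return SiteAddress{Scheme: strings.ToLower(u.Scheme), Host: host, Port: port}, nil
}

// hostQualifies is the assumed meaning of "looks like localhost": the
// literal name, an empty host, and IP literals do not qualify.
func hostQualifies(host string) bool {
	host = strings.ToLower(strings.TrimSpace(host))
	return host != "" && host != "localhost" && net.ParseIP(host) == nil
}

// QualifiesForAutoHTTPS applies the rules from the release notes: an
// explicit http:// scheme disables managed TLS, as do "tls off" and a
// localhost-like host. The scheme is honoured regardless of whether a
// port is present, which is the behaviour known issue 1 asks for.
func QualifiesForAutoHTTPS(a SiteAddress, tlsOff bool) bool {
	if tlsOff || a.Scheme == "http" {
		return false
	}
	return hostQualifies(a.Host)
}

// RedirectToHTTPS is the kind of handler the plain-HTTP listener of a
// managed site needs: same host, same path and query, https scheme.
// The port is dropped because managed sites listen on 443. Answering
// with 301 is an assumption; the notes only say HTTP is redirected.
func RedirectToHTTPS(w http.ResponseWriter, r *http.Request) {
	host := r.Host
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h
	}
	http.Redirect(w, r, "https://"+host+r.URL.RequestURI(), http.StatusMovedPermanently)
}

func main() {
	// Constructed labels covering the cases the notes describe.
	labels := []string{"mysite.com", "http://example.com", "http://example.com:8080", "localhost:2015", "127.0.0.1"}
	for _, label := range labels {
		a, err := ParseSiteAddress(label)
		if err != nil {
			fmt.Println(label, "parse error:", err)
			continue
		}
		fmt.Printf("%-25s managed TLS: %v\n", label, QualifiesForAutoHTTPS(a, false))
	}
}
```

Run as-is it prints the decision for each constructed label. The redirect handler keeps the request's path and query, so a deep link that arrives over plain HTTP still lands on the same resource after the upgrade to HTTPS.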

Graceful Reload

On POSIX-compliant systems, SIGUSR1 causes Caddy to gracefully reload the Caddyfile with zero downtime: a new process is started, takes over serving, and the old one exits, so the process ID changes. Make sure to use the -pidfile flag if you run Caddy under a process manager that needs to keep track of the PID, and have that manager read the file again after a reload. Caddy also reloads on its own when it renews managed TLS certificates. There are other new signals and flags you can use as well.

Caddy as a Library

You can now use Caddy as a library in your own Go programs.

package main

import (
    "log"

    "github.com/mholt/caddy/caddy"
)

func main() {
    // caddyfile and newCaddyfile hold the Caddyfile contents to serve;
    // see the godoc for the input type the package expects.

    // You can start...
    err := caddy.Start(caddyfile)
    if err != nil {
        log.Fatal(err)
    }

    // restart with a new Caddyfile...
    err = caddy.Restart(newCaddyfile)
    if err != nil {
        log.Fatal(err)
    }

    // and stop Caddy services...
    err = caddy.Stop()
    if err != nil {
        log.Fatal(err)
    }

    // or just wait for them to close.
    caddy.Wait()
}

See the godoc for more information.

Full Change List

  • HTTPS by default via Let's Encrypt (certs & keys are fully managed)
  • Graceful restarts (on POSIX-compliant systems)
  • Major internal refactoring to allow use of Caddy as library
  • New directive 'mime' to customize Content-Type based on file extension
  • New -agree flag to accept the Let's Encrypt Subscriber Agreement without a prompt
  • New -email flag to customize default email used for ACME transactions
  • New -ca flag to customize ACME CA server URL
  • New -revoke flag to revoke a certificate
  • New -log flag to enable process log
  • New -pidfile flag to enable writing pidfile
  • New -grace flag to customize the graceful shutdown timeout
  • New support for SIGHUP, SIGTERM, and SIGQUIT signals
  • browse: Render filenames with multiple whitespace properly
  • core: Use environment variables in Caddyfile
  • markdown: Include Last-Modified header in response
  • markdown: Render tables, strikethrough, and fenced code blocks
  • proxy: Ability to exclude/ignore paths from proxying
  • startup, shutdown: Better Windows support
  • templates: Bug fix for .Host when port is absent
  • templates: Include Last-Modified header in response
  • templates: Support for custom delimiters
  • tls: For non-local hosts, default port is now 443 unless specified
  • tls: Force-disable HTTPS
  • tls: Specify Let's Encrypt email address
  • Many, many more tests and numerous bug fixes and improvements

Credits and More Information

Many thanks to the dozens of contributors and testers who made this possible!

Please see the announcement blog post for the rest of the story. For more instructions about how to use this new Caddy version, see the docs.