Skip to content

Latest commit

 

History

History
163 lines (144 loc) · 5.43 KB

next-release.md

File metadata and controls

163 lines (144 loc) · 5.43 KB

GoDoxy v0.9.0 expected changes

  • new Brand new rewritten WebUI

    • View logs directly from WebUI
    • Edit dashboard app config (e.g. icon, name, category, etc.)
    • Toggle show / hide apps
    • Health bubbles, latency, etc. rich info on dashboard items
    • UI config editor {7829FA41-5733-4BAD-8183-CDF093CEC6F2} {29A4608C-607F-43C9-A542-15EC6B9D024E} {83118DF5-9D46-4D00-9CEF-C0F6C8D18C4B}

  • new Support selfh.st icons: @selfhst/<reference>.<format> (e.g. @selfhst/adguard-home.webp)

  • new GoDoxy server side favicon retreiving and caching

    • deliver smooth dashboard experience by caching favicons
    • correct icon can show without setting homepage.icon by parsing it from app's root path "/", selecting link[rel=icon] from HTML as default icon

  • Thanks polds Optionally allow a user to specify a “warm-up” endpoint to start the container, returning a 403 if the endpoint isn’t hit and the container has been stopped.

    This can help prevent bots from starting random containers, or allow health check systems to run some probes. Or potentially lock the start endpoints behind a different authentication mechanism, etc.

    Sample service showing this:

    hello-world:
  image: nginxdemos/hello
  container_name: hello-world
  restart: "no"
  ports:
    - "9100:80"
  labels:
    proxy.aliases: hello-world
    proxy.#1.port: 9100
    proxy.idle_timeout: 45s
    proxy.wake_timeout: 30s
    proxy.stop_method: stop
    proxy.stop_timeout: 10s
    proxy.stop_signal: SIGTERM
    proxy.start_endpoint: "/start"

    Hitting / on this service when the container is down:

    $ curl -sv -X GET -H "Host: hello-world.godoxy.local" http://localhost/
* Host localhost:80 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
*   Trying [::1]:80...
* Connected to localhost (::1) port 80
> GET / HTTP/1.1
> Host: hello-world.godoxy.local
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 403 Forbidden
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Wed, 08 Jan 2025 02:04:51 GMT
< Content-Length: 71
<
Forbidden: Container can only be started via configured start endpoint
* Connection #0 to host localhost left intact

    Hitting /start when the container is down:

    curl -sv -X GET -H "Host: hello-world.godoxy.local" -H "X-Goproxy-Check-Redirect: skip" http://localhost/start
* Host localhost:80 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
*   Trying [::1]:80...
* Connected to localhost (::1) port 80
> GET /start HTTP/1.1
> Host: hello-world.godoxy.local
> User-Agent: curl/8.7.1
> Accept: */*
> X-Goproxy-Check-Redirect: skip
>
* Request completely sent off
< HTTP/1.1 200 OK
< Date: Wed, 08 Jan 2025 02:13:39 GMT
< Content-Length: 0
<
* Connection #0 to host localhost left intact

  • Thanks polds Support WebUI authentication via OIDC by setting these environment variables:

    • GODOXY_OIDC_ISSUER_URL e.g.:
      • Pocket ID: https://pocker-id.yourdomain.com
      • Authentik: https://authentik.yourdomain.com/application/o/<application_slug>/ The ending slash is required
    • GODOXY_OIDC_LOGOUT_URL (if your issuer supports it, e.g.)
      • Authentik: https://authentik.yourdomain.com/application/o/<application_slug>/end-session
    • GODOXY_OIDC_CLIENT_ID
    • GODOXY_OIDC_CLIENT_SECRET
    • GODOXY_OIDC_REDIRECT_URL
    • GODOXY_OIDC_SCOPES (optional)
    • GODOXY_OIDC_ALLOWED_USERS
    • GODOXY_OIDC_ALLOWED_GROUPS (optional)

  • Use OpenID Connect to authenticate GoDoxy's WebUI and all your services (SSO)

    # default
proxy.app.middlewares.oidc:

# override allowed users
proxy.app.middlewares.oidc.allowed_users: user1, user2

# override allowed groups
proxy.app.middlewares.oidc.allowed_groups: group1, group2

  • Caddyfile like rules

    proxy.goaccess.rules: |
  - name: default
    do: |
      rewrite / /index.html
      serve /var/www/goaccess
  - name: ws
    on: |
      header Connection Upgrade
      header Upgrade websocket
    do: bypass # do nothing, pass to reverse proxy

proxy.app.rules: |
  - name: default
    do: bypass # do nothing, pass to reverse proxy
  - name: block POST and PUT
    on: method POST | method PUT
    do: error 403 Forbidden

  • config reload will now cause a server full restart (i.e. proxy, api, prometheus, etc), eliminating some incorrect behaviors

  • drop support of inline yaml string list without hyphen - prefix, e.g.

    # old
proxy.app.middlewares.request.hide_headers: |
  X-Header1
  X-Header2

# new
proxy.app.middlewares.request.hide_headers: |
  - X-Header1
  - X-Header2

  • autocert now supports hot-reload

  • middleware compose now supports cross-referencing, e.g.

    foo:
  - use: RedirectHTTP
bar: # in the same file or different file
  - use: foo@file

  • Fixes

    • bug: cert renewal failure no longer causes renew schdueler to stuck forever
    • bug: access log writes to closed file after config reload