0.7.6

This release contains bug fixes, security patches via new Go versions, and a few new features:

• Pass in simple Caddyfile as command line arguments
• basicauth: Support for legacy htpasswd files
• browse: JSON response with file listing
• core: Caddyfile as command line argument
• errors: Can write full stack trace to HTTP response for debugging
• errors, log: Roll log files after certain size or age
• proxy: Fix for 32-bit architectures
• rewrite: Better compatibility with fastcgi and PHP apps
• templates: Added .StripExt and .StripHTML methods
• Internal improvements and minor bug fixes

Along with this release we're pleased to welcome three new, very useful add-ons to the Caddy middleware family: jsonp, search, and hugo.

Please see the announcement blog post for more information about the changes and new add-ons.

Given that we've been sprinting ahead with a lot of new features and functionality lately, we'll be focusing a lot on polish, bug fixes, tests, the deployment process, etc., to lay a more solid foundation going forward.

0.7.5

Several significant refinements are introduced in 0.7.5, as well as fixes for bugs that were exposed from changes made in 0.7.4.

• core: All listeners bind to 0.0.0.0 unless 'bind' directive is used
• fastcgi: Set HTTPS env variable if connection is secure
• log: Output to system log (except Windows)
• markdown: Added dev command to disable caching during development
• markdown: Fixed error reporting during initial site generation
• markdown: Fixed crash if path does not exist when server starts
• markdown: Fixed site generation and link indexing when files change
• templates: Added .NowDate for use in date-related functions
• Several bug fixes related to startup and shutdown functions

Most notably, startup and shutdown functions now only execute once even if the server block is defined for more than one host. So where the following Caddyfile used to echo "Hello world" twice, it now echoes only once:

host1, host2 {
    startup "echo Hello world"
}

The fix in fastcgi should be good for any WordPress sites (or other PHP sites) served over HTTPS. Lots of effort went into improving Markdown features to make it easier to build sites with Markdown using only Caddy.

In earlier versions, every listener would bind to the IP address resolved by the hostname from the Caddyfile. This is no longer the case. Now, every listener always binds to the empty/wildcard host (0.0.0.0). This was done by request, but if it causes problems, please report them.

Finally, non-Windows users may output to the system log with the log and errors directives by specifying syslog as the log filename.

From here on out to version 1.0, most changes will be bug fixes, refinements, and enhancements to existing features with a focus on stability and usability.

We hope you enjoy this release, and thank you to all contributors who made it possible!

0.7.4

This release brings lots of improvements to markdown, browse, and redir directives, but some of the changes are breaking in some situations.

Breaking changes:

• If you used catch-all redirects (redir http://other-domain.com), it used to preserve the request URI. To give you more flexibility, this is no longer the case. Please use {uri} (redir http://other-domain.com{uri}) to preserve request URI.
• Markdown is quite a bit different. The structure of front matter was flattened, so instead of creating [variables] and indenting variables, all variables are defined without indentation. Also, markdown template actions are different. All values related to the Markdown document, including front matter variables, are in {{.Doc}}, so {{.Doc.body}} shows the rendered content instead of {{.markdown}}, and the title is now {{.Doc.title}} instead of {{.title}}.
• The template action .Date was renamed to .Now.

Full change list:

• browse: Sorting preference persisted in cookie
• browse: Added index.txt and default.txt to list of default files
• browse: Template files may now use Caddy template actions
• markdown: Template files may now use Caddy template actions
• markdown: Several bug fixes, especially for large and empty Markdown files
• markdown: Generate index pages to link to markdown pages (sitegen only)
• markdown: Flatten structure of front matter, changed template variables
• redir: Can use variables (placeholders) like log formats can
• redir: Catch-all redirects no longer preserve path; use {uri} instead
• redir: Syntax supports redirect tables by opening a block
• templates: Renamed .Date to .Now and added .Truncate, .Replace actions
• Other minor internal improvements and more tests

In addition, the build process was improved so that Linux and BSD downloads are in the .tar.gz file format. Windows and Mac downloads are still .zip.

The Caddy website also gets a blog with this release. We hope you like it, and we welcome guest contributions!

Note: This release introduced several bugs which are fixed in 0.7.5; it's highly recommended to use the newer version instead.

0.7.3

This patch release fixes bugs introduced in recent versions and refines some working features. Full change list:

• errors: Error log now shows timestamp with each entry
• gzip: Fixed; Default filtering is by extension; removed MIME type filter
• import: Fixed; works inside and outside server blocks
• redir: Query string preserved on catch-all redirects
• templates: Proper 403 or 404 errors for restricted or missing files

Also, the build server was updated so that it produces only purely static binaries. This may break Caddy in subtle ways on some platforms, but in our testing we were not able to see any problems. Please let us know if you think the static compilation has broken Caddy in your environment.

0.7.2

Version 0.7.2 is mostly small changes and fixes, with one breaking change - the git directive was removed. (It is still available as an add-on; keep reading.)

This version also pilots the new Caddy build server which is used to generate custom builds of Caddy for you on-the-fly via the download page or from your automated environments. With it, Caddy becomes a platform on which web services can be produced and consumed. Caddy can continue to grow its feature set without the burden of a growing code base or binary size. If you experience trouble with the build server, please let us know; it needs lots more development in the long term.

The git directive is now available as an add-on feature, which you can select from the Caddy website. Here is the full change list:

• Custom builds through caddyserver.com - extend Caddy by writing addons
• browse: Sort by clicking column heading or using query string
• core: Serving hostname that doesn't resolve issues warning then listens on 0.0.0.0
• errors: Missing error page during parse time is warning, not error
• ext: Extension only appended if request path does not end in /
• fastcgi: Fix for backend responding without status text
• fastcgi: Fix PATH_TRANSLATED when PATH_INFO is empty (RFC 3875)
• git: Removed from core (available as add-on)
• gzip: Enable by file path and/or extension
• gzip: Customize compression level
• log: Fix for missing status in log entry when error unhandled
• proxy: Strip prefix from path for proxy to path
• redir: Meta tag redirects
• templates: Support for nested includes
• Internal improvements and more tests

This version also sports faster SSL on 64-bit architecture thanks to Cloudflare's crypto enhancements. AES and ECDSA should see speedups of over ~20x. The RSA speed is roughly doubled as well. These changes are not directly related to Caddy, since it depends on compiling with their fork of Go.

Note: There's a bug in this release that breaks gzip. The next patch release fixes this.

0.7.1

This patch release fixes a timing vulnerability in the basicauth middleware, so any users who rely on it should upgrade. Version 0.7.1 also introduces upgrades to the tls and proxy directives. Full change list:

• basicauth: Patched timing vulnerability
• proxy: Support for WebSocket backends
• tls: Client authentication

We would like to thank Jonathan Hanks for reporting the vulnerability in basicauth.

0.7.0

The main improvements in this release involve HTTPS, Markdown, and usability. Websites running Caddy 0.7.0 will score an 'A' grade at Qualys SSL Labs, assuming the certificate chain is good. Static websites can be generated from Markdown files. Caddy will warn you if a non-localhost domain resolves to loopback or if your ulimit -n (file descriptor limit) is too low for a production (public-facing) site.

Full change list:

• New directive 'internal' to protect resources with X-Accel-Redirect
• New -version flag to show program name and version
• core: Fixed escaped backslash characters inside quoted strings
• core: Fixed parsing Caddyfile for IPv6 addresses missing ports
• core: A notice is shown when non-local address resolves to loopback interface
• core: Warns if file descriptor limit is too low for production site (Mac/Linux)
• fastcgi: Support for Unix sockets
• git: Fixed issue that prevented pulling at designated interval
• header: Remove a header field by prefixing field name with "-"
• markdown: Simple static site generation
• markdown: Support for metadata ("front matter") at beginning of files
• rewrite: Experimental support for regular expressions
• tls: Customize cipher suites and protocols
• tls: Removed RC4 ciphers
• Other internal improvements that are not user-facing (more tests, etc.)

Good work team! 👍 Lots of exciting things are still on the way.

0.6.0

It's been a busy week! Thanks to many contributions and tight feedback loops, Caddy has made significant progress in the last seven days. Notable new features are git push to deploy your site; multiple-backend proxying with load balancing, health checks, and failovers; and quite a few bug fixes and improvements. Full change list:

• New git directive to automatically pull changes
• New bind directive to override host server binds to
• New -root flag to specify root path to default site
• Ability to receive config data piped through stdin
• core: Warning if root directory doesn't exist at startup
• core: Entire process dies if any server fails to start
• gzip: Fixed Content-Length value when proxying requests
• errors: Error log now includes file and line number of panics
• fastcgi: Pass custom environment variables
• fastcgi: Support for HEAD, OPTIONS, PUT, PATCH, and DELETE methods
• fastcgi: Fixed SERVER_SOFTWARE variables
• markdown: Support for index files when URL points to a directory
• proxy: Load balancing with multiple backends, health checks, failovers, and multiple policies
• proxy: Add custom headers
• startup/shutdown: Run command in background with with '&' at end
• templates: Added .tpl and .tmpl as default extensions
• templates: Support for index files when URL points to a directory
• templates: Changed .RemoteAddr to .IP and stripped out remote port
• tls: TLS disabled (with warning) for servers that are explicitly http://
• websocket: Fixed SERVER_SOFTWARE and GATEWAY_INTERFACE variables
• Many internal improvements

0.5.1

This point release has several significant improvements. Changes are:

• Default host is now 0.0.0.0 (wildcard)
• New -host and -port flags to override default host and port
• core: Support for binding to 0.0.0.0
• core: Graceful error handling during heavy load; proper error responses
• errors: Fixed file path handling
• errors: Fixed panic due to nil Log file
• fastcgi: Support for index files
• fastcgi: Fix for handling errors that come from responder

Your feedback and contributions have been invaluable - keep 'em coming!

0.5.0

The first release of Caddy into the wild. Use it. Give feedback. Get involved. And enjoy.