These plugins have had maintainership attached due to the fact
that they became plugins at one point in time. Since we can now
annotate this better, do it.
This can happen when an internal domain has been added, e.g. example.internal. Caddy will then generate a self-signed certificate via smallstep CA, and on startup it tries to install a root certificate for it into the FreeBSD trust store.
If running as www user, this causes sudo to appear at boot, because that is baked into smallstep CA.
https://github.com/smallstep/truststore/blob/master/truststore_freebsd.go
Via skip_install_trust, we prevent caddy from trying this.
When using "include" in the default global logger, all other logs get excluded, except those that get included.
Using a "log default" instead sends the HTTP access logs to the default logger.
This allows process and HTTP access logs to coexist in the same logger.
* caddy: Add DNS-01 override domain feature
Adds support for DNS-01 CNAME delegation through the dns_challenge_override_domain directive. This enables least-privilege DNS setups where the certificate domain delegates ACME challenges to a target domain managed by the configured DNS provider.
* Review feedback: Remove default defs and align validation string with existing one
---------
Co-authored-by: Christophe Neuerburg <c.neuerburg@sdsys.ch>
Some elaborate defaults were not used. They look kind of useful, but
also suggest maintenance nightmares (default cipher list), so let's
get rid of them.
* www/caddy: Fix setup.sh script interaction with files and directories in caddy storage
This fixes multiple things:
- When running as www:www user, the interaction with the admin socket could fail; now we do not touch /var/run/caddy and let it be handled by the permissions set in the rc.d script
- When restarting/reloading caddy, permissions and ownerships would be changed every time, possibly breaking the storage if caddy writes at the same time
- The custom certificates are now stored outside the scope of the caddy storage, ensuring caddy has an atomic write guarantee on /var/db/caddy/data...
* Fix some review comments
* add changelog
* www/caddy: Implement tabulator groupBy into subdomain and handlers tabs, modernize style and html
* www/caddy: Fix search endpoints being fired multiple times on initial page load, and when using the command buttons. This fixes some tabulator warnings and improves performance.
* www/caddy: Bump version to 2.0.3 and add changelog