We are pleased to release Caddy 2.2! Our community has spent a lot of time on bug fixes, as well as some new features you will like.

Highlights:

• Full support for ZeroSSL, a new ACME CA that is a viable alternative to Let's Encrypt. Its ACME endpoint is free to use and might even be a better fit for your deployment depending on your requirements (for example, it does not have tight rate limits and does not require the DNS challenge for wildcard certs). To clarify, ZeroSSL's ACME endpoint is RFC 8555-compliant and was already compatible with Caddy; we just made it easier to use by automating the EAB credentials for your convenience.
• We now have full control over our ACME stack! By replacing our previous underlying ACME library (lego) with ACMEz, Caddy can offer:
  • faster config reloads
  • more efficient cert management at scale
  • a more intuitive configuration experience
  • lighter builds
  • structured logs that are consistent with Caddy's other logs (which you have fine-grained control over).
  • (we no longer suffer from the limitations still shared by other lego-based ACME clients)
• Integrated support for Prometheus metrics. We decided that emitting metrics is something the core of the server has to do, rather than only a separate module. We will continue improving this with time. Huge thanks to @hairyhenderson for his skillful contributions.
• HTTP/2 server push has been re-introduced, this time better than it was in Caddy 1.
• Caddyfile enhancements, including:
  • Fully customize certificate issuers from the Caddyfile. Up until now, you could only customize certain parts of the ACME issuer or choose the Internal issuer from the Caddyfile; now you have full control.
  • Named matchers can be defined inside route blocks.
  • Customize log encoders.
  • dns property for issuer subdirective of tls directive that allows full customization of DNS challenge (those providers which support the Caddyfile)
  • Bug fixes
• ⚠️ The logfmt log encoder has been deprecated and will be removed. (It is already broken since it does not encode objects, so if you used it you probably stopped using it anyway.)
• Customizable DNS resolver for reverse proxy
• Latest HTTP/3 version
• Numerous bug fixes and other enhancements! Notable bug fixes related to:
  • ACME DNS challenge providers
  • Custom resolvers for the DNS challenge
  • ACME EAB (External Account Binding)
  • Panic recovery
  • Startup time when managing lots of certificates
  • Correct port for active health checks (reverse_proxy module)
  • Windows paths
  • File hiding logic (file_server module)
  • Bidirectional streaming (reverse_proxy module; specifically benefits v2ray use)
  • More consistent, structured error logging when produced from HTTP code in Go's standard library
  • New placeholders and log fields, especially pertaining to TLS, ACME, and HTTP

Special thanks to @francislavoie and @Mohammed90 and @hairyhenderson and others in our community for their continual aid with many bug reports and feature requests.

Changelog

(Includes pre-releases)

af5c148e admin,templates,core: Minor enhancements and error handling (#3607) d4f24974 browse: align template to struct field renames from 4940325 (#3706) 8a0fff58 caddyauth: hash-password: Set bcrypt cost to 14 (#3580) fb9d874f caddyfile: Export Tokenize function for lexing (#3549) 6f0f159b caddyhttp: Add {http.request.body} placeholder 514eef33 caddyhttp: Add support to resolve DN in CEL expression (#3608) 65a09524 caddyhttp: Add TLS client cert info to logs (#3640) b01bb275 caddyhttp: New placeholder for PEM of client certificate (#3662) c82c231b caddyhttp: Remove server name from metrics 0bf2565c caddyhttp: Reorder some access log fields; add host matcher test case 04f50a97 caddyhttp: Wrap http.Server logging with zap (#3668) 00e6b77f caddytls: Add dns config to acmeissuer (#3701) 66863aad caddytls: Add support for ZeroSSL; add Caddyfile support for issuers (#3633) 744d04c2 caddytls: Configure custom DNS resolvers for DNS challenge (close #2476) 24f34780 caddytls: Customize DNS resolvers for DNS challenge with Caddyfile 9859ab81 caddytls: Fix resolvers option of acme issuer (Caddyfile) efc0cc5e caddytls: Move initial storage clean op into goroutine 6a14e2c2 caddytls: Replace lego with acmez (#3621) b88e2b6a cmd: Allow caddy fmt to read from stdin (#3680) 68529e2f cmd: Print caddy version with environ or --environ (#3627) 2ae8c119 fastcgi: Add resolve_root_symlink (#3587) 0665a86e fastcgi: Ensure leading slash, omit SERVER_PORT if empty for compliance (#3570) 3fdaf507 fastcgi: Fill REMOTE_USER with http.auth.user.id placeholder (#3577) 3860b235 fileserver: Don't assume len(str) == len(ToLower(str)) (fix #3623) 735c8665 fileserver: Enable browse pagination with offset parameter (#3542) 49403258 fileserver: Fix inconsistencies in browse JSON 1c5969b5 fileserver: Fix new file hide tests on Windows (#3719) c054a818 fileserver: Fix newly-introduced failing test on Linux (#3625) b95b8738 fileserver: Fix try_files for directories; windows fix (#3684) 0ee43782 fileserver: Improve file hiding logic for directories and prefixes c42bfaf3 go.mod: Bump CertMagic 28d870c1 go.mod: Update quic-go, truststore, and goldmark c6d6a775 go.mod: Update some dependencies 2a5599e2 go.mod: Upgrade and downgrade smallstep, quic-go, and cpuid 3ee663de go.mod: Upgrade dependencies 997ef522 go.mod: Use v0.15(.1) of smallstep libs 6f73a358 httpcaddyfile: Add compression to http transport config (#3624) 584eba94 httpcaddyfile: Allow named matchers in route blocks (#3632) ff19bdda httpcaddyfile: Avoid repeated subjects in APs (fix #3618) 8b80a320 httpcaddyfile: Bring enforce_origin and origins to admin config (#3595) fe27f9cf httpcaddyfile: Disallow args on route/handle directive family (#3740) e3324aa6 httpcaddyfile: Ensure handle_path is sorted equally to handle (#3676) be6daa5f httpcaddyfile: Fix panic when parsing route with matchers (#3746) 0afbab86 httpcaddyfile: Improve directive sorting logic (#3658) 4217217b httpcaddyfile: Properly record whether we added catch-all conn policy 7bfe5b6c httpcaddyfile: Reorder automation policy logic (close #3550) eda54c22 logging: :warning: Deprecate logfmt encoder 309c1fec logging: Implement Caddyfile support for filter encoder (#3578) f197cec7 metrics: Always track method label in uppercase (#3742) d16ede35 metrics: Fix hidden panic while observing with bad exemplars (#3733) b1d456d8 metrics: Fix panic when headers aren't written (#3737) 8ec51bbe metrics: Initial integration of Prometheus metrics (#3709) 6cea1f23 push: Implement HTTP/2 server push (#3573) 904f149e reverse_proxy: fix bidirectional streams with encodings (fix #3606) (#3620) e9b1d7dc reverse_proxy: flush HTTP/2 response when ContentLength is unknown (#3561) 724b74d9 reverseproxy: Abort active health checks on context cancellation 4cd7ae35 reverseproxy: Add buffer_requests option to reverse_proxy directive (#3710) bd9d796e reverseproxy: add support for custom DNS resolver (#3479) bc453fa6 reverseproxy: Correct alternate port for active health checks (#3693) d55d50b3 reverseproxy: Enforce port range size of 1 at provision (#3695) 19cc2bd3 reverseproxy: Fix Caddyfile parsing for empty non-http transports (#3576) c94f5bb7 reverseproxy: Make default buffer size const e2f913bb reverseproxy: Minor fixes and cleanup 246a31aa reverseproxy: Restore request's original host and header (fix #3509) fc65320e reverseproxy: Support header selection policy on Host field (#3653) c3582001 templates: Disable hard wraps in Markdown rendering (#3553) a2dae1d4 templates: Fix front matter closing fence search 2bc30bb7 templates: Implement placeholders function (#3324)