russellluo / caddy-ext
Various Caddy v2 extensions (a.k.a. modules).
License: MIT License
Hi,
Is it possible to specify a host/domain for a service?
I'm using the caddy-docker-proxy module in combination with yours with this label:
labels:
  caddy.layer4.:27017.proxy: "{{upstreams 27017}}"
which generates this caddy part:
"layer4": {
  "servers": {
    "srv0": {
      "listen": [":27017"],
      "routes": [
        {
          "handle": [
            {
              "handler": "proxy",
              "upstreams": [{ "dial": ["10.0.22.76:27017"] }]
            }
          ]
        }
      ]
    }
  }
}
But I would like to specify the host/domain, so I could have multiple services running on the same port. Is it possible?
What would be the syntax to match SSH traffic on :443 and proxy it to another host:port?
Hi, thanks for developing this, it is very useful.
I am just wondering how I can return a custom response when the limit happens?
There's already a module that does that: https://caddyserver.com/docs/modules/http.handlers.json_parse
There may be some differences though.
I am trying to limit /v1/graphql with IP but I am getting a CORS error.
If route /v1 is used there is no error, but the API limit does not work.
/v1/* and /v1* are also not working.
Checking on localhost with docker-compose.
Please check below Caddyfile:
:8080 {
    reverse_proxy graphql-engine:8080
    route /v1/graphql {
        rate_limit {remote.ip} 50r/m
        respond 200
    }
}
@RussellLuo I see you have other Caddy plugins registered, but this one seems to be missing on the Caddy download page.
Hi @RussellLuo ,
Is it possible to use your other handlers with the l4 plugin?
Hello there,
Any idea why I'm getting the error below?
Error during parsing: parsing caddyfile tokens for 'rate_limit': /etc/caddy/Caddyfile:25 -
Error during parsing: Wrong argument count or unexpected line ending after '{http.request.uri.query.id}'
localhost:8080 {
    route /foo {
        rate_limit {query.id} 2r/m
        respond 200
    }
}
This is my Dockerfile
FROM caddy:2.6.2-builder-alpine as builder
RUN xcaddy build \
    --with github.com/RussellLuo/caddy-ext/ratelimit
FROM caddy:2.6.2-alpine
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
and this is my docker-compose.yml
version: "3.7"
services:
  caddy:
    logging:
      options:
        max-size: "500m"
        max-file: "5"
    build: .
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
volumes:
  caddy_data:
  caddy_config:
The issue is very similar to #8, which was fixed for go1.19 but not go 1.20:
caddy
panic: Something in this program imports go4.org/unsafe/assume-no-moving-gc to declare that it assumes a non-moving garbage collector, but your version of go4.org/unsafe/assume-no-moving-gc hasn't been updated to assert that it's safe against the go1.20 runtime. If you want to risk it, run with environment variable ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH=go1.20 set. Notably, if go1.20 adds a moving garbage collector, this program is unsafe to use.
goroutine 1 [running]:
go4.org/unsafe/assume-no-moving-gc.init.0()
go4.org/unsafe/[email protected]/untested.go:25 +0x1ba
Hello,
With the release of Go 1.19, there is a new update for go4.org/unsafe/assume-no-moving-gc, which the Ratelimit module uses.
This has been updated in 5680eab; however, there is no new tagged version. As a result, Caddy's build server uses an earlier version which panics, making it impossible to upgrade unless the Ratelimit module is removed, then re-added using the Master branch after downloading an upgraded version via caddy upgrade.
It would be great if you could release a new version of the Ratelimit plugin so that this could be avoided.
Much thanks in advance
Hola!
Currently, I want to build Caddy with module flagr on my local, but I face an error when building. The error is
2023/09/07 10:28:51 [INFO] exec (timeout=0s): /usr/local/go/bin/go get -d -v github.com/RussellLuo/caddy-ext/flagr github.com/caddyserver/caddy/v2
panic: internal error: can't find reason for requirement on golang.org/x/[email protected]
goroutine 1 [running]:
cmd/go/internal/modget.(*resolver).updateBuildList.func1({{0xc00097f7d0?, 0xc001108720?}, {0xc00033a360?, 0xc001414a20?}})
/usr/local/go/src/cmd/go/internal/modget/get.go:1760 +0x114
cmd/go/internal/modget.(*resolver).updateBuildList(0xc000222000, {0xb313d0, 0xc00019a000}, {0x0, 0x0, 0x0})
/usr/local/go/src/cmd/go/internal/modget/get.go:1765 +0x597
cmd/go/internal/modget.(*resolver).applyUpgrades(0xc000222000, {0xb313d0, 0xc00019a000}, {0x0?, 0x2?, 0x472485?})
/usr/local/go/src/cmd/go/internal/modget/get.go:1312 +0x105
cmd/go/internal/modget.runGet({0xb313d0, 0xc00019a000}, 0xc0001c4510?, {0xc0001ae160, 0x2, 0x2})
/usr/local/go/src/cmd/go/internal/modget/get.go:351 +0x45e
main.invoke(0xe2d000, {0xc0001ae130, 0x5, 0x5})
/usr/local/go/src/cmd/go/main.go:225 +0x34e
main.main()
/usr/local/go/src/cmd/go/main.go:179 +0x7d1
2023/09/07 10:28:53 [FATAL] exit status 2
Then, I tried to download caddy with module flagr on the web https://caddyserver.com/download?package=github.com%2FRussellLuo%2Fcaddy-ext%2Fflagr, and got the same issue. The error is like the picture below
When I try to access https://golang.org/x/[email protected], I get a 404 page not found response.
Hello,
First of all, thank you for a great library that helps rate-limiting the number of requests.
Secondly, I'm having an issue with IPv6 addresses. As you might know, a simple /64 block assigned to a customer contains millions of IP addresses, and a simple rate_limit * {remote.ip} 1r/m just doesn't work, as that customer could just use another IPv6 address from his own block.
Do you have any suggestions or maybe some kind of a feature might be implemented to solve rate-limiting for the IPv6 by blocks as well?
Thanks!
Thanks for writing & maintaining the ratelimit plugin!
How do I configure a rate limit per /32 IPv4 & /64 IPv6 subnet, respectively?
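Added example (not part of the posts above and not caddy-ext code): the two requests above ask for rate limiting per /64 IPv6 block and per /32 IPv4 address. The Go code below shows the key derivation that makes every address in one /64 share a single budget; `SubnetKey` and `Limiter` are hypothetical names, the addresses are constructed documentation-range samples, and nothing here uses the ratelimit module's API.

```go
package main

import (
	"fmt"
	"net/netip"
	"time"
)

// SubnetKey (hypothetical helper) maps a client IP to the bucket it shares:
// the address itself (/32) for IPv4, the enclosing /64 for IPv6.
func SubnetKey(ip string) (string, error) {
	addr, err := netip.ParseAddr(ip)
	if err != nil {
		return "", fmt.Errorf("bad client address: %w", err)
	}
	// Strip the zone and unmap ::ffff:a.b.c.d so neither creates extra buckets.
	addr = addr.WithZone("").Unmap()
	bits := 64
	if addr.Is4() {
		bits = 32
	}
	p, err := addr.Prefix(bits) // masks the host bits
	return p.String(), err
}

// Limiter is a fixed-window counter keyed by SubnetKey (illustrative: no locking or eviction).
type Limiter struct {
	Limit  int
	Window time.Duration
	start  map[string]time.Time
	count  map[string]int
}

// Allow reports whether a request from ip at time now is within budget.
func (l *Limiter) Allow(ip string, now time.Time) bool {
	key, err := SubnetKey(ip)
	if err != nil {
		return false // fail closed on addresses that cannot be classified
	}
	if now.Sub(l.start[key]) >= l.Window {
		l.start[key], l.count[key] = now, 0
	}
	l.count[key]++
	return l.count[key] <= l.Limit
}

func main() {
	l, t := &Limiter{1, time.Minute, map[string]time.Time{}, map[string]int{}}, time.Now()
	fmt.Println(l.Allow("2001:db8:1:2::1", t), l.Allow("2001:db8:1:2:aaaa::7", t))
}
```

The /64 length follows the block size named in the posts; a network that delegates a larger prefix per customer would need a shorter prefix length for the same effect.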
Hey there,
I'm trying to protect a basicauth prompt against brute-forcing using rate_limit, but for some reason it just does not trigger. I can curl the path all day long and it will not even once return a 429. Here's my config:
handle_path /test {
    rate_limit {query.id} 1r/m
    basicauth {
        something something
    }
    reverse_proxy ...
}
any idea why?
Hi there, I'd love to use the layer4 app without giving up on the Caddyfile, since its YAMLness makes it easy for me to configure.
Could your layer4 extension be used for the following scenario:
caddy server running as docker container, listening on 0.0.0.0:443/tcp and 0.0.0.0:80/udp and 0.0.0.0:443/udp and 0.0.0.0:80/udp
(all docker containers share the same docker network, so they can be reached via local IP or DNS)
And leave the http reverse proxies as they are already defined?
Could something like this work:
https_port 443
http_port 80
servers tcp/:443 {
}
layer4 {
    udp/:443 {
        turn.domain.tld {
            tls
            proxy {
                to udp/signaling_coturn:3389
            }
        }
        vpn.domain.tld {
            tls
            proxy {
                to udp/wireguard:51820
            }
        }
        sub.domain1.tld, sub.domain2.tld, sub.domain3.tld, sub.domain4.tld {
            tls
            proxy {
                to udp/dnsproxy:853
            }
        }
    }
}
# normal http servers
sub.domain.tld {
...
When trying with
servers tcp/0.0.0.0:443 {
    protocols h1 h2
}
layer4 {
    udp/0.0.0.0:443 {
I get the following warning:
"layer4 app module: start: listen udp 0.0.0.0:443: bind: address already in use"
Hi, please explain this for me. I want to use a rate limit for my URL https://site.dom/login.
And use
            "host": ["*.site.dom"]
        }
    ],
    "handle": [
        {
            "handler": "rate_limit",
            "key": "{path.zak}",
            "rate": "1r/m",
            "zone_size": 10000,
            "reject_status": 429
        },
and all the time I get response code 200.
I expected to get a 429 code when repeating requests.
There's an IETF draft that defines some HTTP headers Ratelimit-* which let the client know about how many requests they can make. This should be configurable.
OS: Linux 5.18.16-zen1-1-zen
Go version: go1.19 linux/amd64
Steps to reproduce:
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
xcaddy build \
    --with github.com/RussellLuo/caddy-ext/ratelimit
./caddy
error log:
$ ./caddy
panic: Something in this program imports go4.org/unsafe/assume-no-moving-gc to declare that it assumes a non-moving garbage collector, but your version of go4.org/unsafe/assume-no-moving-gc hasn't been updated to assert that it's safe against the go1.19 runtime. If you want to risk it, run with environment variable ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH=go1.19 set. Notably, if go1.19 adds a moving garbage collector, this program is unsafe to use.
goroutine 1 [running]:
go4.org/unsafe/assume-no-moving-gc.init.0()
go4.org/unsafe/[email protected]/untested.go:25 +0x1f4
With the rate limiter, you are currently very constrained in what you can configure as a rate, because it is limited to per-second and per-minute rates. It would be helpful to have rates like 100r/24h or so.