caddy-0.9.25

Dependency updates

• caddy-kubernetes-storage pinned to 22ad645
• caddy-storage-redis pinned to v1.8.0

Helm chart: 0.9.25

Full diff: caddy-0.9.24...caddy-0.9.25

caddy-0.9.24

Bug Fixes

• RBAC: ingresses missing patch verb — caddy-k8s auto-patches the caddy.ingress/waf-rules-configmap annotation back onto the Ingress after creating the ConfigMap, but the ClusterRole only granted get/list/watch. Every sync cycle logged a 403 Forbidden. Added patch to the ingresses rule.

Helm chart: 0.9.24 (was 0.9.23)

Dependency Updates

• coraza-caddy v2.4.0 → v2.5.0
• caddy-ratelimit commit pin → v0.1.0 (first stable release)
• caddy-maxmind-geolocation v1.0.1 → v1.0.3
• caddy-crowdsec-bouncer v0.10.1 → v0.12.1
• caddy-security v1.1.59 → v1.1.62

Helm chart: 0.9.23

Full diff: caddy-0.9.23...caddy-0.9.24

caddy-0.9.23

Dependency Updates

• coraza-caddy v2.4.0 → v2.5.0
• caddy-ratelimit commit pin → v0.1.0 (first stable release)
• caddy-maxmind-geolocation v1.0.1 → v1.0.3
• caddy-crowdsec-bouncer v0.10.1 → v0.12.1
• caddy-security v1.1.59 → v1.1.62

Helm chart: 0.9.23

Full diff: caddy-0.9.22...caddy-0.9.23

caddy-0.9.22

Bug Fixes

• admin.api INFO suppression not working — setting level: WARN on a named logger without a writer is silently ignored by Caddy. Fixed by giving the admin.api logger a full config (writer + encoder + level + include filter) AND adding admin.api to the default logger's exclude list. Also moved all default logger configuration into a single configureDefaultLogger() call so http.log.access and admin.api excludes are always written together.

Helm chart: 0.9.22

Full diff: caddy-0.9.21...caddy-0.9.22

caddy-0.9.9

Bug Fixes

• Route upsert no longer fails with duplicate @id error — PUT /id/<id> momentarily indexes both the old and new route entries before removing the old one, causing Caddy to reject the update with duplicate ID found at routes/1 and routes/2. Fixed by switching to DELETE + POST, which removes the existing route atomically before re-adding the updated one.
• X-Real-IP / X-Forwarded-For headers now carry the real client IP — the {client_ip} Caddyfile shorthand is not a raw JSON placeholder; {http.vars.client_ip} is the correct form in the admin-API JSON config. Changed injectRealIP to use {http.vars.client_ip} so the headers expand to the trusted-proxy-aware client IP instead of the literal string {client_ip}.

Helm chart: 0.9.9

• Placeholder :80 / :443 blocks now carry a respond /healthz 200 route — empty server blocks leave the routes field as null in Caddy's JSON config. When k8s_ingress tries to POST a new route to a null array, Caddy returns cannot unmarshal object into RouteList. The placeholder routes initialise the array so dynamic route injection works on a fresh pod.

Full diff: caddy-0.9.8...caddy-0.9.9

caddy-0.9.21

Bug Fixes

• Caddyfile crash on verbose_logs — verbose_logs was missing from UnmarshalCaddyfile, causing Caddy to exit with unknown k8s_ingress option: verbose_logs.

Helm chart: 0.9.21

Full diff: caddy-0.9.20...caddy-0.9.21

caddy-0.9.20

New Features

• verbose_logs option — new k8sIngress.verboseLogs Helm value (default false). When off: per-ingress sync/annotation events are demoted to Debug level; the admin.api logger is set to WARN, hiding per-request INFO entries while keeping errors visible. Set to true to restore full Info-level logging for debugging.

Bug Fixes

• config is unchanged log noise — the access log manager was PATCHing skip_hosts on every 30s ingress re-sync even when the list hadn't changed, causing Caddy to emit a "config is unchanged" INFO line per ingress per cycle. Fixed by tracking the last-sent skip list and skipping the PATCH when the value is identical.

Helm chart: 0.9.20

Full diff: caddy-0.9.19...caddy-0.9.20

caddy-0.9.19

Bug Fixes

• Duplicate access log entries (real fix) — root cause identified: Caddy's default global logger catches ALL log entries including http.log.access.*, and the named "access" logger also receives the same entries via default_logger_name routing — producing two writes per request. Fixed by restoring include: ["http.log.access"] on the "access" logger (limiting its scope) AND configuring the default global logger with exclude: ["http.log.access"] (removing it from the catch-all). Each request now produces exactly one access log line.

Helm chart: 0.9.19

Full diff: caddy-0.9.18...caddy-0.9.19

caddy-0.9.18

Bug Fixes

• Duplicate access log entries — every HTTP request was written twice: once via the global include: ["http.log.access"] filter on the named logger, and once via the server's default_logger_name routing. Fixed by removing the include filter; entries now reach the "access" logger only through default_logger_name, producing exactly one line per request.

Helm chart: 0.9.18

Full diff: caddy-0.9.17...caddy-0.9.18

caddy-0.9.17

Bug Fixes

• Access logging missing for HTTP requests — accessLogManager only configured access logging on the HTTPS server (srv0). Requests arriving on the HTTP server (srv1, port 80) produced no access log entries. Fixed by passing httpServerName to the manager; Enable() and rebuild() now configure and maintain skip_hosts on both servers.

Helm chart: 0.9.17

Full diff: caddy-0.9.16...caddy-0.9.17