Skip to content

Releases: csmith/centauri

v2.4.0

24 Dec 13:08
@github-actions github-actions
v2.4.0
7795e3c
This commit was signed with the committer’s verified signature.
csmith Chris Smith
SSH Key Fingerprint: PDORpGZA4QPjLOIC72cacMK1+4r073co5wNGzvoCRiA
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.4.0 Latest
Latest

New features

  • Support for network-based configuration. When -config-source / CONFIG_SOURCE
    is set to network, Centauri will attempt to connect out to the address
    specified in -config-network-address / CONFIG_NETWORK_ADDRESS. The initial
    config must be provided within 10 seconds of connection, and then any future
    updates can be pushed as needed. The protocol is documented in
    docs/network-config.md.
Assets 2
Loading

v2.3.0

08 Dec 14:19
@github-actions github-actions
v2.3.0
4daf4c9
This commit was signed with the committer’s verified signature.
csmith Chris Smith
SSH Key Fingerprint: PDORpGZA4QPjLOIC72cacMK1+4r073co5wNGzvoCRiA
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.3.0

New features

  • Support for the ACME Renewal Information (ARI) standard. Centauri will now
    automatically poll ARI to decide when a certificate should be renewed. If
    the ACME server doesn't support ARI then the existing behaviour is preserved
    (renewing 30 days before expiry). This helps to recover if a certificate is
    revoked, and makes it easier to deal with shorter-lived certificates.
  • Support for passing a profile when requesting a certificate. This can be used
    to opt in to different certificate configurations offered by the ACME service
    (e.g. adopting shorter-lived certificates before it's mandatory). Set using
    the -acme-profile flag or ACME_PROFILE env var.
Loading

v2.2.0

21 Sep 09:14
@github-actions github-actions
v2.2.0
d66c24d

Choose a tag to compare

View all tags
v2.2.0

New features

  • Routes with multiple domains can now have a redirect-to-primary directive,
    which will redirect all requests to the primary (first listed) domain.
    (issue #205)
Loading

v2.1.1

17 Sep 15:04
@github-actions github-actions
v2.1.1
dad5438

Choose a tag to compare

View all tags
v2.1.1

New features

  • Added -trusted-downstreams flag (TRUSTED_DOWNSTREAMS env var) for trusting
    X-Forwarded-* headers from certain clients (useful when Centauri is behind
    another proxy).

Other changes

  • Reverted changes to write and idle timeouts from 2.0.1. These were
    interfering with upstream services that expect clients to stay connected
    for a long time (e.g. long polling).
Loading

v2.1.0

03 Aug 15:51
@github-actions github-actions
v2.1.0
4961bc3

Choose a tag to compare

View all tags
v2.1.0

New features

  • Added -validate flag (or VALIDATE env var) that simply validates
    the config file and then exits.

Other changes

  • Tailscale log messages intended for the user (such as authentication links)
    will now be shown as INFO level log messages, instead of DEBUG.
  • Dependency updates.
Loading

v2.0.1

30 Jun 20:08
@github-actions github-actions
v2.0.1
a296085

Choose a tag to compare

View all tags
v2.0.1

Bug fixes

  • Fixed a rare issue when Centauri reloads its config several times in quick
    succession while also renewing certificates. In these circumstances, Centauri
    could stop answering requests until the certificate finished being renewed.

Other changes

  • Centauri now enforces read, write and idle timeouts on incoming HTTP
    connections. This reduces the potential effect of badly configured or
    deliberately malicious clients.
  • Centauri now logs when it finishes obtaining a certificate or OCSP
    staple. Previously it just logged when starting the process.
  • If Centauri is sent a SIGHUP signal while it is in the process of (re)loading
    its config, it will queue up another reload instead of executing them
    concurrently. Any further HUPs will be ignored until the queued reload
    executes. This may cause a slight delay in how quickly route changes are
    applied (if, for example, the first config reload requires new certificates
    to be obtained), but drastically increases stability.
Loading

v2.0.0

01 Jun 19:34
@github-actions github-actions
v2.0.0
73888dc

Choose a tag to compare

View all tags
v2.0.0

Breaking changes

  • The default paths used within the Docker image have changed:
    • Centauri's config is now loaded from /centauri.conf
      (previously: /home/nonroot/centauri.conf)
    • ACME user data is stored in /data/user.pem
      (previously: /home/nonroot/user.pem)
    • Certificates are stored in /data/certs.json
      (previously: /home/nonroot/certs.json)
    • Tailscale state is now stored in /data/tailscale/
      (previously: /home/nonroot/.config/tsnet___centauri/)
  • Centauri will no longer accept configurations that:
    • define a route with no upstreams, or
    • define a route with no domains.

Features

  • Added TAILSCALE_DIR setting to specify where Tailscale stores its
    state. If not set, uses the previous behaviour of a folder underneath
    the user config directory.
  • Centauri now uses structured logging. This allows you to filter logs by
    level (using the LOG_LEVEL setting), change the output format to JSON
    (using the LOG_FORMAT setting). The default log level is INFO; a
    lot of the more spammy day-to-day log lines are now DEBUG and hidden by
    default.

Other changes

  • The FRONTEND setting is now case-insensitive.
  • Added ACME_DISABLE_PROPAGATION_CHECK setting, which stops the ACME
    client from querying DNS servers to make sure the challenge records
    have propagated. This shouldn't be needed in normal use, but is handy
    for testing.
  • Added DEBUG_CPU_PROFILE setting, which will write out a CPU profile
    to the given file. Shouldn't be used in production deployments!
Loading