akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity
Files
103f0e0ae983a05a8480a8a6479c8d281a5328ce
Charon/docs/plans/caddy_upgrade_plan.md
GitHub Actions 048b0c10a7 chore(deps): upgrade Caddy to v2.11.0-beta.2 
- Bump Caddy from v2.10.2 to v2.11.0-beta.2
- Remove manual quic-go v0.57.1 patch (now at v0.58.0 upstream)
- Remove manual smallstep/certificates v0.29.0 patch (now upstream)
- Keep expr-lang/expr v1.17.7 patch (still required)

All tests pass with 86%+ coverage. Zero security vulnerabilities.
2026-01-06 20:20:41 +00:00

162 lines
3.3 KiB
Markdown
Raw Blame History

# Caddy v2.11.0-beta.2 Upgrade Plan
**Created:** 2026-01-06
**Risk Level:** LOW
**Estimated Duration:** 30-45 minutes
## Overview
Upgrade Caddy from v2.10.2 to v2.11.0-beta.2 to gain:
- Built-in quic-go v0.58.0 (removes need for CVE patch)
- Built-in smallstep/certificates v0.29.0 (removes need for manual patch)
- Various bug fixes and enhancements
---
## Phase 1: Dockerfile Changes
**File:** `/projects/Charon/Dockerfile`
### 1.1 Update Caddy Version
Change line ~17:
```dockerfile
# FROM:
ARG CADDY_VERSION=2.10.2
# TO:
ARG CADDY_VERSION=2.11.0-beta.2
```
### 1.2 Remove Obsolete Dependency Patches
In the Caddy builder stage (~line 108-115), remove these patches that are now included upstream:
```dockerfile
# REMOVE these lines:
# renovate: datasource=go depName=github.com/quic-go/quic-go
go get github.com/quic-go/quic-go@v0.57.1; \
# renovate: datasource=go depName=github.com/smallstep/certificates
go get github.com/smallstep/certificates@v0.29.0; \
```
**KEEP this patch** (still required):
```dockerfile
# renovate: datasource=go depName=github.com/expr-lang/expr
go get github.com/expr-lang/expr@v1.17.7; \
```
### 1.3 Update Comments
Update the version comment block (~lines 9-17) to reflect the beta version.
---
## Phase 2: Build Verification
### 2.1 Build Docker Image
```bash
docker build --no-cache -t charon:caddy-upgrade-test .
```
### 2.2 Verify Caddy Starts
```bash
docker run --rm charon:caddy-upgrade-test caddy version
```
Expected output should show `v2.11.0-beta.2`.
### 2.3 Verify Plugins Load
```bash
docker run --rm charon:caddy-upgrade-test caddy list-modules | grep -E "security|coraza|crowdsec|maxmind|rate"
```
Expected plugins:
- `http.handlers.crowdsec`
- `http.handlers.waf` (coraza)
- `http.matchers.maxminddb`
- `http.handlers.rate_limit`
- `security` (caddy-security)
---
## Phase 3: Testing
### 3.1 Backend Unit Tests
```bash
# Using existing task
# Task: "Test: Backend Unit Tests"
cd backend && go test ./... -v
```
### 3.2 Integration Tests
```bash
# Start the container
docker compose -f .docker/compose/docker-compose.local.yml up -d
# Run Coraza WAF tests
# Task: "Integration: Coraza WAF"
# Run CrowdSec tests
# Task: "Integration: CrowdSec"
```
### 3.3 Manual Verification Checklist
- [ ] Caddy health endpoint responds: `curl http://localhost:2019/config/`
- [ ] Config reload works: `curl -X POST http://localhost:2019/load -H "Content-Type: application/json" -d @test-config.json`
- [ ] HTTPS/certificate automation works (if applicable)
- [ ] WAF rules trigger correctly
- [ ] CrowdSec bouncer integration works
---
## Phase 4: Documentation
### 4.1 Update CHANGELOG.md
Add entry under next release:
```markdown
### Changed
- Upgraded Caddy from v2.10.2 to v2.11.0-beta.2
- Removed manual quic-go and smallstep/certificates patches (now included upstream)
```
### 4.2 Update Version References
Search and update any version references:
```bash
grep -r "2.10.2" docs/
```
---
## Rollback Plan
If issues are encountered:
1. Revert `ARG CADDY_VERSION` to `2.10.2`
2. Restore the removed dependency patches
3. Rebuild the image
---
## Post-Upgrade Monitoring
After deployment:
- Monitor Caddy logs for errors: `docker logs -f <container> 2>&1 | grep -i caddy`
- Check certificate renewal works
- Verify no performance regressions
Reference in New Issue View Git Blame Copy Permalink