1.4
Release date: 2021-08-26
This release introduces Beta Features. We use beta features to develop and experiment with new, complex features for you while still being able to maintain our compatibility promise. You can see beta features as a feature preview. To make users aware that a beta feature is in use, its configuration items are prefixed with beta_.
The first beta features incorporate the OAuth2 functionality into the Access Control capabilities of Couper. The beta_oauth2 {} block implements OAuth2 Authorization Code Grant Flows. The companion block beta_oidc {} implements OIDC, which allows simple integration of 3rd-party systems such as Google, GitHub or Keycloak for SSO (Single-Sign-On).
Together with transparent Websockets support that you can enable in your proxy {} block, you can guard existing Web applications with Couper via OIDC.
To aid observability of your setups, Couper sends its request ID as the Couper-Request-Id HTTP header in both backend requests and client responses. This makes it possible to trace events and correlate logs throughout the service chain. Couper can also accept a request ID generated by a downstream system such as a load balancer. Like all settings, these can be configured in the config, as a command line flag or via environment variables.
Load balancers or ingress services often provide X-Forwarded-Host headers. Couper can be configured to use these to change the properties of the request variable. This allows a Couper configuration to adapt to the run time environment, for example to create a back link for OIDC or SAML authorization requests with the request.origin variable.
If your applications are running in multiple setups, like testing and production environments, there will likely be more parameters that you want to have configurable. Backend origins, user names, credentials, timeouts: it would be nice to change all of these without a new deployment. Couper supports using environment variables with env.VAR-like expressions. Now, Couper can also provide default values for those variables. This makes it easy to have values configurable without the need to provide values outside of Couper (e.g. in Kubernetes). Our env vars example shows that in action.
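The following configuration sketch combines the settings described above; it is an added example, not taken from the Couper project. The variable name BACKEND_ORIGIN, its default value and the header name X-Request-Id are assumptions chosen for illustration.

```hcl
server "app" {
  endpoint "/**" {
    proxy {
      backend {
        # Resolved from the environment; falls back to the default below.
        origin = env.BACKEND_ORIGIN
      }
      # Transparent websocket support for the proxied application.
      websockets = true
    }
  }
}

settings {
  # Let X-Forwarded-Proto/-Host/-Port change request.url, request.origin,
  # request.protocol, request.host and request.port. These headers are
  # client-controllable unless the load balancer in front of Couper
  # overwrites them, so list only the parts that proxy actually sets.
  # request.origin feeds back links for OIDC and SAML requests.
  accept_forwarded_url = ["proto", "host", "port"]

  # Reuse the request ID generated by the load balancer (assumed header
  # name) instead of generating a new one, so log events correlate.
  request_id_accept_from_header = "X-Request-Id"
}

defaults {
  # Default values used when the environment does not provide the variable.
  environment_variables = {
    BACKEND_ORIGIN = "http://localhost:8080" # constructed sample value
  }
}
```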
- Added
  - environment_variables map in the defaults block to define default values for environment variables (#271)
  - https-dev-proxy option creates a TLS server listening on the given TLS port. Requests are forwarded to the given server port. The certificate is generated on-the-fly. This function is intended for local development setups to support browser features requiring HTTPS connections, such as secure cookies. (#281)
  - websockets option in proxy block enables transparent websocket support when proxying to upstream backends (#198)
  - Client request variables request.url, request.origin, request.protocol, request.host and request.port (#255)
  - Run option -accept-forwarded-url and setting accept_forwarded_url to accept proto, host, or port from X-Forwarded-Proto, X-Forwarded-Host or X-Forwarded-Port request headers (#255)
  - Couper sends its request ID as Couper-Request-Id HTTP header in backend requests and client responses. This can be configured with the request_id_backend_header and request_id_client_header settings (#268)
  - request_id_accept_from_header setting configures Couper to use a downstream request ID instead of generating its own in order to help correlate log events across services (#268)
  - couper.version variable (#274)
  - protocol, host, port, origin, body, json_body to backend_requests variable (#278)
  - Locking to avoid concurrent requests to renew OAuth2 Client Credentials access tokens (#270)
- Changed
  - The sp_acs_url in the SAML Block may now be relative (#265)
- Fixed
  - No GZIP compression for small response bodies (#186)
  - Missing error type for request/response body, json_body or form_body related HCL evaluation errors (#276)
  - request.url and backend_requests.<label>.url now contain a query string if present (#278)
  - backend_responses.<label>.status is now integer (#278)
  - backend_requests.<label>.form_body was always empty (#278)
  - Documentation of request.query.<name> (#278)
  - Missing access log on some error cases (#267)
  - Panic during backend origin / url usage with previous parse error (#206)
  - Basic Auth did not work if only the htpasswd_file attribute was defined (#293)
  - Missing error handling for backend gzip header reads (#291)
  - ResponseWriter fallback for possible statusCode 0 writes (#291)
  - ResponseWriter buffer behaviour; prepared chunk writes (#301)
  - Proper client-request canceling (#294)
-
  - OAuth2 Authorization Code Grant Flow: beta_oauth2 {} block; beta_oauth_authorization_url() and beta_oauth_verifier() (#247)
  - OIDC Authorization Code Grant Flow: beta_oidc {} block (#273)