diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 7f65e7a7671..b1fda44c4d2 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -40,7 +40,7 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.54
+          version: v1.55
 
           # Workaround for https://github.com/golangci/golangci-lint-action/issues/135
           skip-pkg-cache: true
diff --git a/.golangci.yml b/.golangci.yml
index 5f018970eb7..d144395dbda 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -15,35 +15,68 @@ linters-settings:
     # If `true`, make the section order the same as the order of `sections`.
     # Default: false
     custom-order: true
+  exhaustive:
+    ignore-enum-types: reflect.Kind|svc.Cmd
 
 linters:
   disable-all: true
   enable:
+    - asasalint
+    - asciicheck
+    - bidichk
     - bodyclose
+    - decorder
+    - dogsled
+    - dupl
+    - dupword
+    - durationcheck
     - errcheck
+    - errname
+    - exhaustive
+    - exportloopref
     - gci
+    - gofmt
+    - goimports
     - gofumpt
     - gosec
     - gosimple
     - govet
     - ineffassign
+    - importas
     - misspell
     - prealloc
+    - promlinter
+    - sloglint
+    - sqlclosecheck
     - staticcheck
+    - tenv
+    - testableexamples
+    - testifylint
+    - tparallel
     - typecheck
     - unconvert
     - unused
+    - wastedassign
+    - whitespace
+    - zerologlint
   # these are implicitly disabled:
-  # - asciicheck
+  # - containedctx
+  # - contextcheck
+  # - cyclop
   # - depguard
-  # - dogsled
-  # - dupl
-  # - exhaustive
-  # - exportloopref
+  # - errchkjson
+  # - errorlint
+  # - exhaustruct
+  # - execinquery
+  # - exhaustruct
+  # - forbidigo
+  # - forcetypeassert
   # - funlen
-  # - gci
+  # - ginkgolinter
+  # - gocheckcompilerdirectives
   # - gochecknoglobals
   # - gochecknoinits
+  # - gochecksumtype
   # - gocognit
   # - goconst
   # - gocritic
@@ -51,27 +84,47 @@ linters:
   # - godot
   # - godox
   # - goerr113
-  # - gofumpt
   # - goheader
-  # - golint
   # - gomnd
+  # - gomoddirectives
   # - gomodguard
   # - goprintffuncname
-  # - interfacer
+  # - gosmopolitan
+  # - grouper
+  # - inamedparam
+  # - interfacebloat
+  # - ireturn
   # - lll
-  # - maligned
+  # - loggercheck
+  # - maintidx
+  # - makezero
+  # - mirror
+  # - musttag
   # - nakedret
   # - nestif
+  # - nilerr
+  # - nilnil
   # - nlreturn
   # - noctx
   # - nolintlint
+  # - nonamedreturns
+  # - nosprintfhostport
+  # - paralleltest
+  # - perfsprint
+  # - predeclared
+  # - protogetter
+  # - reassign
+  # - revive
   # - rowserrcheck
-  # - scopelint
-  # - sqlclosecheck
   # - stylecheck
+  # - tagalign
+  # - tagliatelle
   # - testpackage
+  # - thelper
   # - unparam
-  # - whitespace
+  # - usestdlibvars
+  # - varnamelen
+  # - wrapcheck
   # - wsl
 
 run:
@@ -110,3 +163,6 @@ issues:
       text: 'G404' # G404: Insecure random number source (rand)
       linters:
         - gosec
+    - path: modules/logging/filters.go
+      linters:
+        - dupl
diff --git a/caddyconfig/caddyfile/adapter.go b/caddyconfig/caddyfile/adapter.go
index edd825b88e6..da4f98337fb 100644
--- a/caddyconfig/caddyfile/adapter.go
+++ b/caddyconfig/caddyfile/adapter.go
@@ -52,7 +52,7 @@ func (a Adapter) Adapt(body []byte, options map[string]any) ([]byte, []caddyconf
 		return nil, warnings, err
 	}
 
-	// lint check: see if input was properly formatted; sometimes messy files files parse
+	// lint check: see if input was properly formatted; sometimes messy files parse
 	// successfully but result in logical errors (the Caddyfile is a bad format, I'm sorry)
 	if warning, different := FormattingDifference(filename, body); different {
 		warnings = append(warnings, warning)
diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go
index 26d3de660ab..666975140da 100644
--- a/caddytest/caddytest.go
+++ b/caddytest/caddytest.go
@@ -121,7 +121,6 @@ func (tc *Tester) initServer(rawConfig string, configType string) error {
 
 	tc.t.Cleanup(func() {
 		if tc.t.Failed() && tc.configLoaded {
-
 			res, err := http.Get(fmt.Sprintf("http://localhost:%d/config/", Default.AdminPort))
 			if err != nil {
 				tc.t.Log("unable to read the current config")
diff --git a/context.go b/context.go
index 637e4aa916f..29111a2f3e0 100644
--- a/context.go
+++ b/context.go
@@ -176,7 +176,6 @@ func (ctx Context) LoadModule(structPointer any, fieldName string) (any, error)
 				return nil, err
 			}
 			result = val
-
 		} else if isJSONRawMessage(typ.Elem()) {
 			// val is `[]json.RawMessage`
 
@@ -192,7 +191,6 @@ func (ctx Context) LoadModule(structPointer any, fieldName string) (any, error)
 				all = append(all, val)
 			}
 			result = all
-
 		} else if typ.Elem().Kind() == reflect.Slice && isJSONRawMessage(typ.Elem().Elem()) {
 			// val is `[][]json.RawMessage`
 
@@ -213,7 +211,6 @@ func (ctx Context) LoadModule(structPointer any, fieldName string) (any, error)
 				all = append(all, allInner)
 			}
 			result = all
-
 		} else if isModuleMapType(typ.Elem()) {
 			// val is `[]map[string]json.RawMessage`
 
diff --git a/logging.go b/logging.go
index fe229505d47..e1ee015093e 100644
--- a/logging.go
+++ b/logging.go
@@ -517,7 +517,7 @@ func (cl *CustomLog) loggerAllowed(name string, isModule bool) bool {
 	// append a dot so that partial names don't match
 	// (i.e. we don't want "foo.b" to match "foo.bar"); we
 	// will also have to append a dot when we do HasPrefix
-	// below to compensate for when when namespaces are equal
+	// below to compensate for when namespaces are equal
 	if name != "" && name != "*" && name != "." {
 		name += "."
 	}
diff --git a/modules/caddyhttp/encode/encode.go b/modules/caddyhttp/encode/encode.go
index dc35fa245fc..8f733a3f27f 100644
--- a/modules/caddyhttp/encode/encode.go
+++ b/modules/caddyhttp/encode/encode.go
@@ -311,7 +311,6 @@ func (rw *responseWriter) Unwrap() http.ResponseWriter {
 func (rw *responseWriter) init() {
 	if rw.Header().Get("Content-Encoding") == "" && isEncodeAllowed(rw.Header()) &&
 		rw.config.Match(rw) {
-
 		rw.w = rw.config.writerPools[rw.encodingName].Get().(Encoder)
 		rw.w.Reset(rw.ResponseWriter)
 		rw.Header().Del("Content-Length") // https://github.com/golang/go/issues/14975
diff --git a/modules/caddyhttp/reverseproxy/fastcgi/client.go b/modules/caddyhttp/reverseproxy/fastcgi/client.go
index 04513dd85f3..d944c5778c1 100644
--- a/modules/caddyhttp/reverseproxy/fastcgi/client.go
+++ b/modules/caddyhttp/reverseproxy/fastcgi/client.go
@@ -221,7 +221,6 @@ func (c *client) Request(p map[string]string, req io.Reader) (resp *http.Respons
 		if statusIsCut {
 			resp.Status = statusInfo
 		}
-
 	} else {
 		resp.StatusCode = http.StatusOK
 	}
diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go
index 5993b7b11f0..0a803a83a0e 100644
--- a/modules/caddyhttp/reverseproxy/httptransport.go
+++ b/modules/caddyhttp/reverseproxy/httptransport.go
@@ -560,7 +560,6 @@ func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) {
 				return nil, fmt.Errorf("failed reading ca cert: %v", err)
 			}
 			rootPool.AppendCertsFromPEM(pemData)
-
 		}
 		cfg.RootCAs = rootPool
 	}
diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go
index be67b4f597a..201ff638bb4 100644
--- a/modules/caddyhttp/reverseproxy/reverseproxy.go
+++ b/modules/caddyhttp/reverseproxy/reverseproxy.go
@@ -487,7 +487,7 @@ func (h *Handler) proxyLoopIteration(r *http.Request, origReq *http.Request, w h
 	upstream := h.LoadBalancing.SelectionPolicy.Select(upstreams, r, w)
 	if upstream == nil {
 		if proxyErr == nil {
-			proxyErr = caddyhttp.Error(http.StatusServiceUnavailable, noUpstreamsAvailable)
+			proxyErr = caddyhttp.Error(http.StatusServiceUnavailable, errNoUpstream)
 		}
 		if !h.LoadBalancing.tryAgain(h.ctx, start, retries, proxyErr, r) {
 			return true, proxyErr
@@ -1041,7 +1041,7 @@ func (lb LoadBalancing) tryAgain(ctx caddy.Context, start time.Time, retries int
 		// we have to assume the upstream received the request, and
 		// retries need to be carefully decided, because some requests
 		// are not idempotent
-		if !isDialError && !(isHandlerError && errors.Is(herr, noUpstreamsAvailable)) {
+		if !isDialError && !(isHandlerError && errors.Is(herr, errNoUpstream)) {
 			if lb.RetryMatch == nil && req.Method != "GET" {
 				// by default, don't retry requests if they aren't GET
 				return false
@@ -1097,7 +1097,7 @@ func (h Handler) provisionUpstream(upstream *Upstream) {
 
 	// if the passive health checker has a non-zero UnhealthyRequestCount
 	// but the upstream has no MaxRequests set (they are the same thing,
-	// but the passive health checker is a default value for for upstreams
+	// but the passive health checker is a default value for upstreams
 	// without MaxRequests), copy the value into this upstream, since the
 	// value in the upstream (MaxRequests) is what is used during
 	// availability checks
@@ -1450,7 +1450,8 @@ func (c ignoreClientGoneContext) Err() error {
 // from the proxy handler.
 const proxyHandleResponseContextCtxKey caddy.CtxKey = "reverse_proxy_handle_response_context"
 
-var noUpstreamsAvailable = fmt.Errorf("no upstreams available")
+// errNoUpstream occurs when there are no upstream available.
+var errNoUpstream = fmt.Errorf("no upstreams available")
 
 // Interface guards
 var (
diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go
index cdc4f493b88..0d7f4157ec0 100644
--- a/modules/caddytls/internalissuer.go
+++ b/modules/caddytls/internalissuer.go
@@ -178,7 +178,6 @@ func (iss *InternalIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 				return d.ArgErr()
 			}
 			iss.SignWithRoot = true
-
 		}
 	}
 	return nil