Some tests need to play with IPv6, and it would be better, if they would use
IPv6 on which the test system has control.

/reviewed-on nexedi/slapos!467

Do not emit needless diff into log.

Do not stop processing in case of validation failure.

Caddy reloads configuration on USR1 not on HUP.

/reviewed-on nexedi/slapos!465

This way when setting `udp:<port>` in `nat-rules` instance parameter, it won't mess up with buildout's syntax.

PS: It seems the UDP won't work at all since `6tunnel` doesn't support TCP tunneling, so this is more of a cosmetic fix.

/reviewed-on nexedi/slapos!464

This reverts commit 9243ace4

There are some bizarre issues with notebook, which happen randomly.

/reviewed-on nexedi/slapos!463

once a release including https://github.com/proftpd/proftpd/issues/674
is made we can update to openssl 1.1

/reviewed-on nexedi/slapos!460

/reviewed-on nexedi/slapos!445

Caddy v0.11.1 fixes QUIC issues.

Not released yet functionality for regular expression cookie rewriting
is available: https://github.com/mholt/caddy/pull/2144

Not released yet functionality for ca_certifices in proxy:
https://github.com/mholt/caddy/pull/2380

Zenexer fixes for regerssion in v0.11.1

Note: Since Caddy release v0.11.0 certificates has to match sites
      served by Caddy. This will result in lack of response for sites served
      on HTTPS for which certificate names (subject COMMON_NAME,
      subjectAltName DNS or IP) does not match site name.

nodejs 8 does not seem to support higher version.

/reviewed-on nexedi/slapos!461

Caddy since 0.11.1 requires that certificate match the exposed site, so in
order to being able to serve ip access sites each frontend node needs
to generate certificate with its IP in the subjectAltName.

Not released yet functionality for regular expression cookie rewriting
is available: https://github.com/mholt/caddy/pull/2144

Caddy v0.11.1 fixes QUIC issues.

Zenexer fixes for regerssion in v0.11.1

Note: Since Caddy release v0.11.0 certificates has to match sites
      served by Caddy. This will result in lack of response for sites served
      on HTTPS for which certificate names (subject COMMON_NAME,
      subjectAltName DNS or IP) does not match site name.

openssl 1.1.1 has unresloved incompatibilities with python2.7
(https://bugs.python.org/issue32947), where 1.1.0 seems to work
(https://bugs.python.org/issue26470)

Also disable parallel make.

/reviewed-on nexedi/slapos!459

I'm not sure if this should be merged or not... but I let it here for reference...

/reviewed-on nexedi/slapos!428

  direct access fail on the new buildout.

Validate only if interesting files are changed.

Simplify validation and graceful scripts, have one template for all cases.

Aviod needless repetition.

Note: There is limit of arguments to be passed to commands, see
https://www.in-ulm.de/~mascheck/various/argmax/, but we are safe for now:

  $ getconf ARG_MAX
  2097152

So we are keeping shell expansion instead of playing with find or other tools.