Caddy v0.11.1 fixes QUIC issues.

Not released yet functionality for regular expression cookie rewriting
is available: https://github.com/mholt/caddy/pull/2144

Not released yet functionality for ca_certifices in proxy:
https://github.com/mholt/caddy/pull/2380

Zenexer fixes for regerssion in v0.11.1

Note: Since Caddy release v0.11.0 certificates has to match sites
      served by Caddy. This will result in lack of response for sites served
      on HTTPS for which certificate names (subject COMMON_NAME,
      subjectAltName DNS or IP) does not match site name.

nodejs 8 does not seem to support higher version.

/reviewed-on nexedi/slapos!461

Caddy since 0.11.1 requires that certificate match the exposed site, so in
order to being able to serve ip access sites each frontend node needs
to generate certificate with its IP in the subjectAltName.

Not released yet functionality for regular expression cookie rewriting
is available: https://github.com/mholt/caddy/pull/2144

Caddy v0.11.1 fixes QUIC issues.

Zenexer fixes for regerssion in v0.11.1

Note: Since Caddy release v0.11.0 certificates has to match sites
      served by Caddy. This will result in lack of response for sites served
      on HTTPS for which certificate names (subject COMMON_NAME,
      subjectAltName DNS or IP) does not match site name.

openssl 1.1.1 has unresloved incompatibilities with python2.7
(https://bugs.python.org/issue32947), where 1.1.0 seems to work
(https://bugs.python.org/issue26470)

Also disable parallel make.

/reviewed-on nexedi/slapos!459

I'm not sure if this should be merged or not... but I let it here for reference...

/reviewed-on nexedi/slapos!428

  direct access fail on the new buildout.

Validate only if interesting files are changed.

Simplify validation and graceful scripts, have one template for all cases.

Aviod needless repetition.

Note: There is limit of arguments to be passed to commands, see
https://www.in-ulm.de/~mascheck/various/argmax/, but we are safe for now:

  $ getconf ARG_MAX
  2097152

So we are keeping shell expansion instead of playing with find or other tools.

Caddy's -log can log to file, but there is no control over logrotation, so
it resuls with leftover logrotated files in the instance. As we have
already system to catch process logs (supervisor) move the logging there.

error-log stays for errors of catch-all and various non-slave instances.

testnodes also needs Xvfb, which is provided by xserver

It's better to make Selenium Server a separate software, seleniumrunner just needs to make firefox available to erp5testnode.

/reviewed-on nexedi/slapos!457

We don't need ssl features in shellinabox as we make it listen on a unix socket.
This allows to remove the dependency between shellinabox and openssl.

just to provide firefox and Xvfb to testnode

seleniumrunner software recently became a full selenium server, which is
different from the original software, that was only intended as being a
minimal software to make firefox available for erp5testnode.

This caused several problems in erp5testnode, because erp5testnode needs
to be always able to build seleniumrunner from master branch (which is
probably wrong in the first place). With this software having lots of
components, the risk of build problems increased.

Also, it's something else, so let's make it another software.

/reviewed-on nexedi/slapos!456

This is needed by slapos.recipe.cmmi

To fix the build of golang1.10, since the buildout process keeps
/dev/random and /dev/urandom open (where ?).

Allow origin is now to the http_origin because origin "*" will fail if
withCredentials is set in the request header

Revert previous commit as OpenSSL 1.0/1.1 are already used here and there. Instead make OpenSSH uses OpenSSL 1.0.

This reverts commit 6ca7789a.

Revert "component/openssl: Version up 1.1.1": OpenSSH 7.4p1 does not support OpenSSL 1.1 (FTBFS on erp5testnode).

This reverts commit 14d98aee.

The download URL for the .war was the same for all versions, being
updated evertime there's a new version.

Now plantuml team changed their release process to distribute each
release under a different URL, so we can just use the new URL.

https://github.com/plantuml/plantuml/issues/153

Since default openssl component is 1.1 and is not compatible with this
component, use openssl-1.0.

Since default openssl component is 1.1 and is not compatible with this
component, use openssl-1.0.

Since default openssl component is 1.1 and is not compatible with this
component, use openssl-1.0.

Since default openssl component is 1.1 and is not compatible with this
component, use openssl-1.0.

Since default openssl component is 1.1 and is not compatible with this
component, use openssl-1.0.

Since default openssl component is 1.1 and is not compatible with this
component, use openssl-1.0.

Since default openssl component is 1.1 and is not compatible with this
component, use openssl-1.0.