Commit d5a15b5b authored by Łukasz Nowak's avatar Łukasz Nowak

software/rapid-cdn: Clean up in cluster parameters

Change how defaults are handled in the cluster:

 * master instance handles all defaults for all nodes
   * it is the one place with all defaults
   * depending on parameter style default is global for the cluster or can be
     specified per node with -frontend-config-<i>-parameter
 * kedifa and frontend nodes need everything to be passed, in order to
   simplify the request
 * configuration. defaults are dropped, as their scope is too large - they are
   not only defaulting the value on the master, but on each requested node
   which leads to extreme complexity of parameter passing
 * use extra_slave_instance_list only, as instance-slave-list is reserved
   parameter provided by slapos.cookbook:slapconfiguration, sent by SlapOS
   Master as slave_instance_list, to the master partition; enforce
   transmissions of slave list in extra_slave_instance_list and consider
   it's always present
 * useless replication_number return value is dropped
parent c2358460
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# not need these here). # not need these here).
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = d16e2bf70560829c0759330ae78dd9be md5sum = 15673a36048e2b181e421dd88f00d1b4
[profile-common] [profile-common]
filename = instance-common.cfg.in filename = instance-common.cfg.in
...@@ -22,23 +22,23 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68 ...@@ -22,23 +22,23 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-frontend] [profile-frontend]
filename = instance-frontend.cfg.in filename = instance-frontend.cfg.in
md5sum = 55319389f1c69775d48cecd1b20ad19a md5sum = a9332dbce01635cca8f8217a1fe49c44
[profile-master] [profile-master]
filename = instance-master.cfg.in filename = instance-master.cfg.in
md5sum = 75aea27c0e2c97bd0b422bb1557a9ef4 md5sum = e757ae0579da03744df61491b97e7f03
[profile-slave-list] [profile-slave-list]
filename = instance-slave-list.cfg.in filename = instance-slave-list.cfg.in
md5sum = 535bfb8d12e77e06007a97d066407765 md5sum = c3f7cfe613a5f07cf47577219fbc08aa
[profile-master-publish-slave-information] [profile-master-publish-slave-information]
filename = instance-master-publish-slave-information.cfg.in filename = instance-master-publish-slave-information.cfg.in
md5sum = cba4d995962f7fbeae3f61c9372c4181 md5sum = 83e62c4970892aac98d26fc77602ea5e
[template-frontend-haproxy-configuration] [template-frontend-haproxy-configuration]
_update_hash_filename_ = templates/frontend-haproxy.cfg.in _update_hash_filename_ = templates/frontend-haproxy.cfg.in
md5sum = 49fc74e8948181014c1af863dbff1b59 md5sum = 29c885e86e0fbe48f4988a36879eb57a
[template-frontend-haproxy-crt-list] [template-frontend-haproxy-crt-list]
_update_hash_filename_ = templates/frontend-haproxy-crt-list.in _update_hash_filename_ = templates/frontend-haproxy-crt-list.in
...@@ -50,7 +50,7 @@ md5sum = d56e2cfab274cbbbe5b387f2f6e417df ...@@ -50,7 +50,7 @@ md5sum = d56e2cfab274cbbbe5b387f2f6e417df
[template-backend-haproxy-configuration] [template-backend-haproxy-configuration]
_update_hash_filename_ = templates/backend-haproxy.cfg.in _update_hash_filename_ = templates/backend-haproxy.cfg.in
md5sum = 13942d8f5525b748cf3cfc2665a87f63 md5sum = 7f7e9b4161554480890f8fa097b9ca51
[template-empty] [template-empty]
_update_hash_filename_ = templates/empty.in _update_hash_filename_ = templates/empty.in
...@@ -62,11 +62,11 @@ md5sum = 975177dedf677d24e14cede5d13187ce ...@@ -62,11 +62,11 @@ md5sum = 975177dedf677d24e14cede5d13187ce
[template-trafficserver-records-config] [template-trafficserver-records-config]
_update_hash_filename_ = templates/trafficserver/records.config.jinja2 _update_hash_filename_ = templates/trafficserver/records.config.jinja2
md5sum = 715baa302d562a7e4eddc3d1bf72f981 md5sum = 4d980dbf70413c1758dda72c12c02246
[template-trafficserver-storage-config] [template-trafficserver-storage-config]
_update_hash_filename_ = templates/trafficserver/storage.config.jinja2 _update_hash_filename_ = templates/trafficserver/storage.config.jinja2
md5sum = d022455a8610bac2dd51101edb035987 md5sum = a45d35e4b847642fda8c2703dff92fcc
[template-trafficserver-logging-yaml] [template-trafficserver-logging-yaml]
_update_hash_filename_ = templates/trafficserver/logging.yaml.jinja2 _update_hash_filename_ = templates/trafficserver/logging.yaml.jinja2
...@@ -102,7 +102,7 @@ md5sum = e82ccdb0b26552a1c88ff523d8fae24a ...@@ -102,7 +102,7 @@ md5sum = e82ccdb0b26552a1c88ff523d8fae24a
[profile-kedifa] [profile-kedifa]
filename = instance-kedifa.cfg.in filename = instance-kedifa.cfg.in
md5sum = 3606573b615ed1aa0b760ae691379d24 md5sum = 924b222bd2773542bbad382afa5fbe5b
[template-frontend-haproxy-rsyslogd-conf] [template-frontend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/frontend-haproxy-rsyslogd.conf.in _update_hash_filename_ = templates/frontend-haproxy-rsyslogd.conf.in
...@@ -119,3 +119,11 @@ md5sum = b79addf01b6fb93c2f3d018e83eff766 ...@@ -119,3 +119,11 @@ md5sum = b79addf01b6fb93c2f3d018e83eff766
[template-expose-csr-nginx-conf] [template-expose-csr-nginx-conf]
_update_hash_filename_ = templates/expose-csr-nginx.conf.in _update_hash_filename_ = templates/expose-csr-nginx.conf.in
md5sum = 5620baa8819fcc8340fa6777ee551a1a md5sum = 5620baa8819fcc8340fa6777ee551a1a
[instance-slave-input-schema]
filename = instance-slave-input-schema.json
md5sum = e7ecc17559b7a9f3dfcc918a0e8b390b
[instance-input-schema]
filename = instance-input-schema.json
md5sum = 2a0986621fe3bae23bc1f28566e1d130
{% import "caucase" as caucase with context %} {% import "caucase" as caucase with context %}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {%- set HTTP3_PORT = instance_parameter_dict['configuration']['http3-port'] %}
{%- set HTTP3_PORT = instance_parameter_dict.get('configuration.http3-port', '443') %} {%- set FRONTEND_HTTP3 = instance_parameter_dict['configuration']['enable-http3'] %}
{%- if instance_parameter_dict.get('configuration.enable-http3', 'false').lower() in TRUE_VALUES %}
{%- set FRONTEND_HTTP3 = True %}
{%- else %}
{%- set FRONTEND_HTTP3 = False %}
{%- endif %}
{%- if FRONTEND_HTTP3 %} {%- if FRONTEND_HTTP3 %}
{%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %} {%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %}
{%- else %} {%- else %}
...@@ -235,7 +230,7 @@ command = ...@@ -235,7 +230,7 @@ command =
-new -newkey rsa -sha256 \ -new -newkey rsa -sha256 \
-nodes -x509 -days 36500 \ -nodes -x509 -days 36500 \
-keyout ${:certificate} \ -keyout ${:certificate} \
-subj "/CN=Fallback certificate/OU={{ instance_parameter_dict['configuration.frontend-name'] }}" \ -subj "/CN=Fallback certificate/OU={{ instance_parameter_dict['configuration']['frontend-name'] }}" \
-out ${:certificate}' -out ${:certificate}'
[jinja2-template-base] [jinja2-template-base]
...@@ -327,7 +322,7 @@ crl = ${:d}/crl.pem ...@@ -327,7 +322,7 @@ crl = ${:d}/crl.pem
[backend-client-login-csr] [backend-client-login-csr]
recipe = plone.recipe.command recipe = plone.recipe.command
organization = {{ instance_parameter_dict['configuration']['cluster-identification'] }} organization = {{ instance_parameter_dict['configuration']['cluster-identification'] }}
organizational_unit = {{ instance_parameter_dict['configuration.frontend-name'] }} organizational_unit = {{ instance_parameter_dict['configuration']['frontend-name'] }}
command = command =
{% if instance_parameter_dict['configuration']['backend-client-caucase-url'] %} {% if instance_parameter_dict['configuration']['backend-client-caucase-url'] %}
if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then
...@@ -365,15 +360,17 @@ filename = instance-slave-list.cfg ...@@ -365,15 +360,17 @@ filename = instance-slave-list.cfg
master_key_download_url = {{ dumps(instance_parameter_dict['configuration']['master-key-download-url']) }} master_key_download_url = {{ dumps(instance_parameter_dict['configuration']['master-key-download-url']) }}
software_type = single-custom-personal software_type = single-custom-personal
organization = {{ instance_parameter_dict['configuration']['cluster-identification'] }} organization = {{ instance_parameter_dict['configuration']['cluster-identification'] }}
organizational-unit = {{ instance_parameter_dict['configuration.frontend-name'] }} organizational-unit = {{ instance_parameter_dict['configuration']['frontend-name'] }}
backend-client-caucase-url = {{ instance_parameter_dict['configuration']['backend-client-caucase-url'] }} backend-client-caucase-url = {{ instance_parameter_dict['configuration']['backend-client-caucase-url'] }}
url-ready-file = ${directory:var}/url-ready.txt url-ready-file = ${directory:var}/url-ready.txt
http3-enable = {{ FRONTEND_HTTP3 }} http3-enable = {{ dumps(FRONTEND_HTTP3) }}
SLAVE_DEFAULTS = {{ dumps(SLAVE_DEFAULTS) }}
extra-context = extra-context =
key backend_client_caucase_url :backend-client-caucase-url key backend_client_caucase_url :backend-client-caucase-url
import furl_module furl import furl_module furl
import urllib_module urllib import urllib_module urllib
import operator_module operator import operator_module operator
key SLAVE_DEFAULTS :SLAVE_DEFAULTS
key master_key_download_url :master_key_download_url key master_key_download_url :master_key_download_url
key url_ready_file :url-ready-file key url_ready_file :url-ready-file
key expose_csr_organization :organization key expose_csr_organization :organization
...@@ -483,8 +480,8 @@ slave-introspection-graceful-command = ${slave-introspection-validate:output} && ...@@ -483,8 +480,8 @@ slave-introspection-graceful-command = ${slave-introspection-validate:output} &&
local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }} local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
version-hash = ${version-hash:value} version-hash = ${version-hash:value}
node-id = ${frontend-node-id:value} node-id = ${frontend-node-id:value}
http3-enable = {{ FRONTEND_HTTP3 }} http3-enable = {{ dumps(FRONTEND_HTTP3) }}
http3-port = {{ HTTP3_PORT }} http3-port = {{ dumps(HTTP3_PORT) }}
# BBB: SlapOS Master non-zero knowledge BEGIN # BBB: SlapOS Master non-zero knowledge BEGIN
[get-self-signed-fallback-access] [get-self-signed-fallback-access]
...@@ -816,7 +813,7 @@ statistic-certificate = ${self-signed-ip-access:certificate} ...@@ -816,7 +813,7 @@ statistic-certificate = ${self-signed-ip-access:certificate}
statistic-port = ${configuration:backend-haproxy-statistic-port} statistic-port = ${configuration:backend-haproxy-statistic-port}
statistic-username = ${monitor-instance-parameter:username} statistic-username = ${monitor-instance-parameter:username}
statistic-password = ${monitor-htpasswd:passwd} statistic-password = ${monitor-htpasswd:passwd}
statistic-identification = {{ instance_parameter_dict['configuration.frontend-name'] + ' @ ' + instance_parameter_dict['configuration']['cluster-identification'] }} statistic-identification = {{ instance_parameter_dict['configuration']['frontend-name'] + ' @ ' + instance_parameter_dict['configuration']['cluster-identification'] }}
statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connection-secure_access} statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connection-secure_access}
version-hash = ${version-hash:value} version-hash = ${version-hash:value}
node-id = ${frontend-node-id:value} node-id = ${frontend-node-id:value}
...@@ -958,8 +955,8 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg ...@@ -958,8 +955,8 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
# Note: Workaround for monitor stack, which uses monitor-httpd-port parameter # Note: Workaround for monitor stack, which uses monitor-httpd-port parameter
# directly, and in our case it can come from the network, thus resulting # directly, and in our case it can come from the network, thus resulting
# with need to strip !py!'u' # with need to strip !py!'u'
monitor-httpd-port = {{ instance_parameter_dict['configuration.monitor-httpd-port'] | int }} monitor-httpd-port = {{ instance_parameter_dict['configuration']['monitor-httpd-port'] | int }}
password = {{ instance_parameter_dict['configuration.monitor-password'] | string }} password = {{ instance_parameter_dict['configuration']['monitor-password'] | string }}
[monitor-conf-parameters] [monitor-conf-parameters]
private-path-list += private-path-list +=
...@@ -999,20 +996,20 @@ config-url = ${configuration:re6st-verification-url} ...@@ -999,20 +996,20 @@ config-url = ${configuration:re6st-verification-url}
[slave-introspection-frontend] [slave-introspection-frontend]
<= slap-connection <= slap-connection
recipe = slapos.cookbook:requestoptional recipe = slapos.cookbook:requestoptional
name = Slave Introspection Frontend {{ instance_parameter_dict['configuration.frontend-name'] }} name = Slave Introspection Frontend {{ instance_parameter_dict['configuration']['frontend-name'] }}
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
shared = true shared = true
config-url = https://[${slap-configuration:ipv6-random}]:{{ instance_parameter_dict['configuration.slave-introspection-https-port'] }}/ config-url = https://[${slap-configuration:ipv6-random}]:{{ instance_parameter_dict['configuration']['slave-introspection-https-port'] }}/
config-https-only = true config-https-only = true
return = secure_access return = secure_access
[backend-haproxy-statistic-frontend] [backend-haproxy-statistic-frontend]
<= slap-connection <= slap-connection
recipe = slapos.cookbook:requestoptional recipe = slapos.cookbook:requestoptional
name = Backend Haproxy Statistic Frontend {{ instance_parameter_dict['configuration.frontend-name'] }} name = Backend Haproxy Statistic Frontend {{ instance_parameter_dict['configuration']['frontend-name'] }}
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
shared = true shared = true
config-url = https://[${slap-configuration:ipv6-random}]:{{ instance_parameter_dict['configuration.backend-haproxy-statistic-port'] }}/ config-url = https://[${slap-configuration:ipv6-random}]:{{ instance_parameter_dict['configuration']['backend-haproxy-statistic-port'] }}/
config-https-only = true config-https-only = true
return = domain secure_access return = domain secure_access
...@@ -1123,10 +1120,8 @@ config-filename = ${logrotate-setup-validate:state-file} ...@@ -1123,10 +1120,8 @@ config-filename = ${logrotate-setup-validate:state-file}
config-state = empty config-state = empty
[configuration] [configuration]
{%- for key, value in instance_parameter_dict.items() -%} {% for key, value in instance_parameter_dict['configuration'].items() %}
{%- if key.startswith('configuration.') %} {{ key }} = {{ dumps(value) }}
{{ key.replace('configuration.', '') }} = {{ dumps(value) }}
{%- endif -%}
{%- endfor %} {%- endfor %}
[instance-parameter-section] [instance-parameter-section]
...@@ -1134,7 +1129,7 @@ config-state = empty ...@@ -1134,7 +1129,7 @@ config-state = empty
{#- XXX: Some other approach would be useful #} {#- XXX: Some other approach would be useful #}
{%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %} {%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %}
{%- for key, value in instance_parameter_dict.items() -%} {%- for key, value in instance_parameter_dict.items() -%}
{%- if not key.startswith('configuration.') and key not in DROP_KEY_LIST %} {%- if not key.startswith('configuration') and key not in DROP_KEY_LIST %}
{{ key }} = {{ dumps(value) }} {{ key }} = {{ dumps(value) }}
{%- endif -%} {%- endif -%}
{%- endfor %} {%- endfor %}
......
...@@ -4,25 +4,29 @@ ...@@ -4,25 +4,29 @@
"-frontend-quantity": { "-frontend-quantity": {
"description": "Quantity of Frontends Replicate.", "description": "Quantity of Frontends Replicate.",
"title": "Frontend Replication Quantity", "title": "Frontend Replication Quantity",
"type": "integer" "type": "integer",
"default": 1
}, },
"apache-certificate": { "apache-certificate": {
"description": "SSL Certificate used by the server. By appending to it CA certificate it is possible to use this field to replace not implemented apache-ca-certificate. Deprecated, please use master-key-upload-url.", "description": "SSL Certificate used by the server. By appending to it CA certificate it is possible to use this field to replace not implemented apache-ca-certificate. Deprecated, please use master-key-upload-url.",
"textarea": true, "textarea": true,
"title": "[DEPRECATED] SSL Certificate, with optional CA certificate", "title": "[DEPRECATED] SSL Certificate, with optional CA certificate",
"type": "string" "type": "string",
"default": ""
}, },
"apache-key": { "apache-key": {
"description": "SSL Key used by the server. Deprecated, please use master-key-upload-url.", "description": "SSL Key used by the server. Deprecated, please use master-key-upload-url.",
"textarea": true, "textarea": true,
"title": "[DEPRECATED] SSL Key", "title": "[DEPRECATED] SSL Key",
"type": "string" "type": "string",
"default": ""
}, },
"domain": { "domain": {
"description": "Domain used to generate automatic hostnames for slaves. For example 'example.com' will result with slave hostname 'slaveref.example.com'.", "description": "Domain used to generate automatic hostnames for slaves. For example 'example.com' will result with slave hostname 'slaveref.example.com'.",
"format": "idn-hostname", "format": "idn-hostname",
"title": "Domain", "title": "Domain",
"type": "string" "type": "string",
"default": "example.org"
}, },
"enable-http2-by-default": { "enable-http2-by-default": {
"default": "true", "default": "true",
...@@ -119,6 +123,16 @@ ...@@ -119,6 +123,16 @@
"title": "Default size of disk cache on each node (bytes)", "title": "Default size of disk cache on each node (bytes)",
"description": "The value can be provided with suffix 'K', 'M', 'G'", "description": "The value can be provided with suffix 'K', 'M', 'G'",
"type": "string" "type": "string"
},
"plain_http_port": {
"default": 8080,
"title": "Port to which frontend node shall bind to serve HTTP traffic",
"type": "integer"
},
"port": {
"default": 4443,
"title": "Port to which frontend node shall bind to serve HTTPS (and HTTP/3) traffic",
"type": "integer"
} }
}, },
"title": "Input Parameters", "title": "Input Parameters",
......
...@@ -25,14 +25,14 @@ parts = ...@@ -25,14 +25,14 @@ parts =
# Note: Workaround for monitor stack, which uses monitor-httpd-port parameter # Note: Workaround for monitor stack, which uses monitor-httpd-port parameter
# directly, and in our case it can come from the network, thus resulting # directly, and in our case it can come from the network, thus resulting
# with need to strip !py!'u' # with need to strip !py!'u'
monitor-httpd-port = {{ instance_parameter_dict['configuration.monitor-httpd-port'] | int }} monitor-httpd-port = {{ instance_parameter_dict['configuration']['monitor-httpd-port'] | int }}
password = {{ instance_parameter_dict['configuration.monitor-password'] | string }} password = {{ instance_parameter_dict['configuration']['monitor-password'] | string }}
[caucased] [caucased]
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
{% set caucase_host = '[' ~ instance_parameter_dict['ipv6-random'] ~ ']' %} {% set caucase_host = '[' ~ instance_parameter_dict['ipv6-random'] ~ ']' %}
{% set caucase_netloc = caucase_host ~ ':' ~ instance_parameter_dict['configuration.caucase_port'] -%} {% set caucase_netloc = caucase_host ~ ':' ~ instance_parameter_dict['configuration']['caucase_port'] -%}
{% set caucase_url = 'http://' ~ caucase_netloc -%} {% set caucase_url = 'http://' ~ caucase_netloc -%}
{{ caucase.caucased( {{ caucase.caucased(
prefix='caucased', prefix='caucased',
...@@ -198,7 +198,7 @@ context = ...@@ -198,7 +198,7 @@ context =
[kedifa-config] [kedifa-config]
ip = {{ instance_parameter_dict['ipv6-random'] }} ip = {{ instance_parameter_dict['ipv6-random'] }}
port = {{ instance_parameter_dict['configuration.kedifa_port'] }} port = {{ instance_parameter_dict['configuration']['kedifa_port'] }}
db = ${directory:kedifa}/kedifa.sqlite db = ${directory:kedifa}/kedifa.sqlite
certificate = ${directory:etc-kedifa}/certificate.pem certificate = ${directory:etc-kedifa}/certificate.pem
key = ${:certificate} key = ${:certificate}
...@@ -230,7 +230,7 @@ config-ca-cert-file = ${kedifa-config:ca-certificate} ...@@ -230,7 +230,7 @@ config-ca-cert-file = ${kedifa-config:ca-certificate}
<= logrotate-entry-base <= logrotate-entry-base
name = kedifa name = kedifa
log = ${kedifa-config:logfile} log = ${kedifa-config:logfile}
rotate-num = {{ instance_parameter_dict['configuration.rotate-num'] | int }} rotate-num = {{ instance_parameter_dict['configuration']['rotate-num'] | int }}
delaycompress = delaycompress =
[kedifa] [kedifa]
......
...@@ -19,10 +19,6 @@ ...@@ -19,10 +19,6 @@
'log-access-urls', 'log-access-urls',
log_access_list log_access_list
) %} ) %}
{% do current_slave_dict.__setitem__(
'replication_number',
current_slave_dict.get('replication_number', 0) + 1
) %}
{% do slave_information_dict.__setitem__(slave_reference, current_slave_dict) %} {% do slave_information_dict.__setitem__(slave_reference, current_slave_dict) %}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
......
This diff is collapsed.
...@@ -208,9 +208,8 @@ ...@@ -208,9 +208,8 @@
"type": "integer" "type": "integer"
}, },
"ciphers": { "ciphers": {
"title": "Ordered space separated list of ciphers", "title": "Ordered space separated list of ciphers. Defaults to cluster setup.",
"type": "string", "type": "string"
"default": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA"
}, },
"authenticate-to-backend": { "authenticate-to-backend": {
"description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.", "description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",
...@@ -262,25 +261,25 @@ ...@@ -262,25 +261,25 @@
"health-check-timeout": { "health-check-timeout": {
"title": "Health Check Timeout (seconds)", "title": "Health Check Timeout (seconds)",
"description": "A timeout to for the request to be fulfilled, after connection happen.", "description": "A timeout to for the request to be fulfilled, after connection happen.",
"default": "2", "default": 2,
"type": "integer" "type": "integer"
}, },
"health-check-interval": { "health-check-interval": {
"title": "Health Check Interval (seconds)", "title": "Health Check Interval (seconds)",
"description": "An interval of health check.", "description": "An interval of health check.",
"default": "5", "default": 5,
"type": "integer" "type": "integer"
}, },
"health-check-rise": { "health-check-rise": {
"title": "Health Check Rise", "title": "Health Check Rise",
"description": "Amount of correct responses from the backend to consider it up.", "description": "Amount of correct responses from the backend to consider it up.",
"default": "1", "default": 1,
"type": "integer" "type": "integer"
}, },
"health-check-fall": { "health-check-fall": {
"title": "Health Check Fall", "title": "Health Check Fall",
"description": "Amount of bad responses from the backend to consider it down.", "description": "Amount of bad responses from the backend to consider it down.",
"default": "1", "default": 1,
"type": "integer" "type": "integer"
}, },
"health-check-failover-url": { "health-check-failover-url": {
...@@ -324,7 +323,7 @@ ...@@ -324,7 +323,7 @@
"strict-transport-security": { "strict-transport-security": {
"title": "Strict Transport Security", "title": "Strict Transport Security",
"description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. Setting the value enables HSTS and sets the value of max-age. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", "description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. Setting the value enables HSTS and sets the value of max-age. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
"default": "0", "default": 0,
"type": "integer" "type": "integer"
}, },
"strict-transport-security-sub-domains": { "strict-transport-security-sub-domains": {
......
...@@ -18,10 +18,6 @@ ...@@ -18,10 +18,6 @@
"description": "List of URLs to access logs", "description": "List of URLs to access logs",
"type": "array" "type": "array"
}, },
"replication_number": {
"description": "Number of nodes the slave is replicated",
"type": "integer"
},
"secure_access": { "secure_access": {
"description": "URL for HTTP access", "description": "URL for HTTP access",
"type": "string" "type": "string"
......
...@@ -36,6 +36,50 @@ kedifa = dynamic-profile-kedifa:output ...@@ -36,6 +36,50 @@ kedifa = dynamic-profile-kedifa:output
{{ key }} = {{ dumps(value) }} {{ key }} = {{ dumps(value) }}
{% endfor -%} {% endfor -%}
[schema-json-to-default]
recipe = slapos.recipe.build
init =
import json
default_dict = dict()
with open(options['input']) as fh:
input_json = json.load(fh)
input_mapping = {}
if 'input-mapping' in options:
for mapping_line in options['input-mapping'].splitlines():
filename, section = mapping_line.split()
input_mapping[filename] = section
def fetchLevel(input_json):
default_dict = {}
for property, value_dict in input_json['properties'].items():
if value_dict.get('type') == 'object' and 'allOf' in value_dict:
value = {}
for entry in value_dict['allOf']:
with open(input_mapping[entry['$ref']]) as in_fh:
in_input_json = json.load(in_fh)
value.update(fetchLevel(in_input_json))
default_dict[property] = value
elif 'default' in value_dict:
if value_dict['default'] in ['false', 'true']:
# input schema json type is mostly incorrect, so guess the most
# important boolean type
default_dict[property] = value_dict['default'] == 'true'
else:
default_dict[property] = value_dict['default']
elif 'properties' in value_dict:
default_dict[property] = fetchLevel(value_dict)
else:
default_dict[property] = None
return default_dict
options['defaults'] = fetchLevel(input_json)
[instance-slave-default]
<= schema-json-to-default
input = {{ software_parameter_dict['instance_slave_input_schema'] }}
[instance-default]
<= schema-json-to-default
input = {{ software_parameter_dict['instance_input_schema'] }}
[dynamic-profile-frontend] [dynamic-profile-frontend]
< = jinja2-template-base < = jinja2-template-base
url = {{ software_parameter_dict['profile_frontend'] }} url = {{ software_parameter_dict['profile_frontend'] }}
...@@ -43,6 +87,7 @@ filename = instance-frontend.cfg ...@@ -43,6 +87,7 @@ filename = instance-frontend.cfg
extra-context = extra-context =
import furl_module furl import furl_module furl
raw software_type single-custom-personal raw software_type single-custom-personal
key SLAVE_DEFAULTS instance-slave-default:defaults
[dynamic-profile-master] [dynamic-profile-master]
< = jinja2-template-base < = jinja2-template-base
...@@ -55,6 +100,8 @@ extra-context = ...@@ -55,6 +100,8 @@ extra-context =
import operator_module operator import operator_module operator
import validators validators import validators validators
import software software import software software
key CLUSTER_DEFAULTS instance-default:defaults
key SLAVE_DEFAULTS instance-slave-default:defaults
# Must match the key id in [switch-softwaretype] which uses this section. # Must match the key id in [switch-softwaretype] which uses this section.
# Keep RootSoftwareInstance for backward compatibility until all instances have # Keep RootSoftwareInstance for backward compatibility until all instances have
# changed their software_type to default # changed their software_type to default
...@@ -76,35 +123,3 @@ partition = ${slap-connection:partition-id} ...@@ -76,35 +123,3 @@ partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url} url = ${slap-connection:server-url}
key = ${slap-connection:key-file} key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file} cert = ${slap-connection:cert-file}
# Define default parameter(s) that will be used later, in case user didn't
# specify it
# All parameters are available through the configuration.XX syntax.
# All possible parameters should have a default.
configuration.domain = example.org
configuration.port = 4443
configuration.plain_http_port = 8080
configuration.plain_nginx_port = 8081
configuration.nginx_port = 9443
configuration.kedifa_port = 7879
# Warning: Caucase takes also cacuase_port+1
configuration.caucase_port = 8890
configuration.caucase_backend_client_port = 8990
configuration.apache-key =
configuration.apache-certificate =
configuration.disk-cache-size = 8G
configuration.ram-cache-size = 1G
configuration.re6st-verification-url =
configuration.enable-http2-by-default = true
configuration.enable-http3 = false
configuration.http3-port = 443
configuration.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA
configuration.request-timeout = 600
configuration.frontend-name =
configuration.backend-connect-timeout = 5
configuration.backend-connect-retries = 3
configuration.backend-haproxy-http-port = 21080
configuration.backend-haproxy-https-port = 21443
configuration.backend-haproxy-statistic-port = 21444
configuration.authenticate-to-backend = False
configuration.rotate-num = 4000
configuration.slave-introspection-https-port = 22443
...@@ -100,6 +100,8 @@ template_trafficserver_storage_config = ${template-trafficserver-storage-config: ...@@ -100,6 +100,8 @@ template_trafficserver_storage_config = ${template-trafficserver-storage-config:
template_validate_script = ${template-validate-script:target} template_validate_script = ${template-validate-script:target}
template_wrapper = ${template-wrapper:output} template_wrapper = ${template-wrapper:output}
template_expose_csr_nginx_conf = ${template-expose-csr-nginx-conf:target} template_expose_csr_nginx_conf = ${template-expose-csr-nginx-conf:target}
instance_slave_input_schema = ${instance-slave-input-schema:target}
instance_input_schema = ${instance-input-schema:target}
# directories # directories
bin_directory = ${buildout:bin-directory} bin_directory = ${buildout:bin-directory}
...@@ -213,6 +215,12 @@ output = ${buildout:directory}/template-wrapper.cfg ...@@ -213,6 +215,12 @@ output = ${buildout:directory}/template-wrapper.cfg
[template-frontend-haproxy-rsyslogd-conf] [template-frontend-haproxy-rsyslogd-conf]
<=download-template <=download-template
[instance-slave-input-schema]
<=download-profile
[instance-input-schema]
<=download-profile
[versions] [versions]
kedifa = 0.0.7 kedifa = 0.0.7
# Modern KeDiFa requires zc.lockfile # Modern KeDiFa requires zc.lockfile
......
...@@ -78,7 +78,7 @@ frontend https-backend ...@@ -78,7 +78,7 @@ frontend https-backend
{%- do ssl_list.append('crt %s' % (configuration['certificate'],)) %} {%- do ssl_list.append('crt %s' % (configuration['certificate'],)) %}
{%- endif %} {%- endif %}
{%- do ssl_list.append('ssl verify') %} {%- do ssl_list.append('ssl verify') %}
{%- if slave_instance['ssl_proxy_verify'] %} {%- if slave_instance['ssl-proxy-verify'] %}
{%- if slave_instance['path_to_ssl_proxy_ca_crt'] %} {%- if slave_instance['path_to_ssl_proxy_ca_crt'] %}
{%- do ssl_list.append('required ca-file %s' % (slave_instance['path_to_ssl_proxy_ca_crt'],)) %} {%- do ssl_list.append('required ca-file %s' % (slave_instance['path_to_ssl_proxy_ca_crt'],)) %}
{%- else %} {%- else %}
......
{%- if configuration['http3-enable'] == 'True' %}
{%- set HTTP3 = True %}
{%- else %}
{%- set HTTP3 = False %}
{%- endif %}
global global
pidfile {{ configuration['pid-file'] }} pidfile {{ configuration['pid-file'] }}
# master-worker is compatible with foreground with process management # master-worker is compatible with foreground with process management
...@@ -60,7 +55,7 @@ frontend http-frontend ...@@ -60,7 +55,7 @@ frontend http-frontend
frontend https-frontend frontend https-frontend
bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }}
bind {{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} bind {{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }}
{%- if HTTP3 %} {%- if configuration['http3-enable'] %}
bind quic4@{{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3 bind quic4@{{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3 bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
{%- endif %} {%- endif %}
...@@ -76,7 +71,7 @@ frontend https-frontend ...@@ -76,7 +71,7 @@ frontend https-frontend
{%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %} {%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
{%- set info_dict = slave_instance.get(prefix, slave_instance.get('backend-http-info')) %} {%- set info_dict = slave_instance.get(prefix, slave_instance.get('backend-http-info')) %}
backend {{ slave_instance['slave_reference'] }}-{{ scheme }} backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
{%- if HTTP3 and slave_instance['enable-http3'] %} {%- if configuration['http3-enable'] and slave_instance['enable-http3'] %}
http-after-response set-header alt-svc "h3=\":{{ configuration['http3-port'] }}\"; ma=3600" http-after-response set-header alt-svc "h3=\":{{ configuration['http3-port'] }}\"; ma=3600"
{#- Ask Chromium to use HTTP3 #} {#- Ask Chromium to use HTTP3 #}
http-after-response set-header alternate-protocol {{ configuration['http3-port'] }}:quic http-after-response set-header alternate-protocol {{ configuration['http3-port'] }}:quic
...@@ -112,7 +107,7 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }} ...@@ -112,7 +107,7 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
http-after-response set-header Strict-Transport-Security "{{ ''.join(strict_transport_security) }}" http-after-response set-header Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
{%- endif %} {%- endif %}
{%- endif %} {%- endif %}
{%- for disabled_cookie in slave_instance['disabled-cookie-list'] %} {%- for disabled_cookie in slave_instance['disabled-cookie-list'].split() %}
http-request replace-header Cookie (.*)(^{{ disabled_cookie | replace('%', '%%') }}=[^;]*;\ |;\ {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*) \1\3 http-request replace-header Cookie (.*)(^{{ disabled_cookie | replace('%', '%%') }}=[^;]*;\ |;\ {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*) \1\3
{%- endfor %} {%- endfor %}
{%- if slave_instance['disable-no-cache-request'] %} {%- if slave_instance['disable-no-cache-request'] %}
......
...@@ -156,7 +156,7 @@ CONFIG proxy.config.net.max_requests_in INT 10000 ...@@ -156,7 +156,7 @@ CONFIG proxy.config.net.max_requests_in INT 10000
# https://docs.trafficserver.apache.org/records.config#ram-cache # https://docs.trafficserver.apache.org/records.config#ram-cache
# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/storage.config.en.html # https://docs.trafficserver.apache.org/en/latest/admin-guide/files/storage.config.en.html
############################################################################## ##############################################################################
CONFIG proxy.config.cache.ram_cache.size INT {{ ats_configuration.get('ram-cache-size', '1G') }} CONFIG proxy.config.cache.ram_cache.size INT {{ ats_configuration['ram-cache-size'] }}
CONFIG proxy.config.cache.ram_cache_cutoff INT 4194304 CONFIG proxy.config.cache.ram_cache_cutoff INT 4194304
# https://docs.trafficserver.apache.org/records.config#proxy-config-cache-limits-http-max-alts # https://docs.trafficserver.apache.org/records.config#proxy-config-cache-limits-http-max-alts
CONFIG proxy.config.cache.limits.http.max_alts INT 5 CONFIG proxy.config.cache.limits.http.max_alts INT 5
......
...@@ -50,4 +50,4 @@ ...@@ -50,4 +50,4 @@
# A small default cache (256MB). This is set to allow for the regression test to succeed # A small default cache (256MB). This is set to allow for the regression test to succeed
# most likely you'll want to use a larger cache. And, we definitely recommend the use # most likely you'll want to use a larger cache. And, we definitely recommend the use
# of raw devices for production caches. # of raw devices for production caches.
{{ ats_configuration.get("cache-path") }} {{ ats_configuration.get("disk-cache-size") }} {{ ats_configuration["cache-path"] }} {{ ats_configuration["disk-cache-size"] }}
...@@ -69,6 +69,7 @@ from cryptography.x509.oid import NameOID ...@@ -69,6 +69,7 @@ from cryptography.x509.oid import NameOID
from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
from slapos.testing.utils import findFreeTCPPort from slapos.testing.utils import findFreeTCPPort
from slapos.testing.utils import getPromisePluginParameterDict from slapos.testing.utils import getPromisePluginParameterDict
if __name__ == '__main__': if __name__ == '__main__':
SlapOSInstanceTestCase = object SlapOSInstanceTestCase = object
else: else:
...@@ -76,6 +77,7 @@ else: ...@@ -76,6 +77,7 @@ else:
os.path.abspath( os.path.abspath(
os.path.join(os.path.dirname(__file__), '..', 'software.cfg'))) os.path.join(os.path.dirname(__file__), '..', 'software.cfg')))
# ports chosen to not collide with test systems # ports chosen to not collide with test systems
HTTP_PORT = '11080' HTTP_PORT = '11080'
HTTPS_PORT = '11443' HTTPS_PORT = '11443'
...@@ -1394,7 +1396,6 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase): ...@@ -1394,7 +1396,6 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
hostname = reference.replace('_', '').replace('-', '').lower() hostname = reference.replace('_', '').replace('-', '').lower()
expected_parameter_dict.update(**{ expected_parameter_dict.update(**{
'domain': '%s.example.com' % (hostname,), 'domain': '%s.example.com' % (hostname,),
'replication_number': '1',
'url': 'http://%s.example.com' % (hostname, ), 'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ), 'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ), 'secure_access': 'https://%s.example.com' % (hostname, ),
...@@ -4869,7 +4870,7 @@ class TestSlaveHttp3(TestSlave): ...@@ -4869,7 +4870,7 @@ class TestSlaveHttp3(TestSlave):
'kedifa_port': KEDIFA_PORT, 'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT, 'caucase_port': CAUCASE_PORT,
'request-timeout': '12', 'request-timeout': '12',
'enable-http3': 'True', 'enable-http3': True,
'http3-port': HTTPS_PORT, 'http3-port': HTTPS_PORT,
} }
max_client_version = '3.0' max_client_version = '3.0'
...@@ -4995,7 +4996,6 @@ class TestReplicateSlave( ...@@ -4995,7 +4996,6 @@ class TestReplicateSlave(
self.assertEqual( self.assertEqual(
{ {
'domain': 'replicate.example.com', 'domain': 'replicate.example.com',
'replication_number': '2',
'url': 'http://replicate.example.com', 'url': 'http://replicate.example.com',
'site_url': 'http://replicate.example.com', 'site_url': 'http://replicate.example.com',
'secure_access': 'https://replicate.example.com', 'secure_access': 'https://replicate.example.com',
...@@ -6481,7 +6481,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase): ...@@ -6481,7 +6481,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
self.assertEqual( self.assertEqual(
{ {
'domain': 'defaultpathunsafe.example.com', 'domain': 'defaultpathunsafe.example.com',
'replication_number': '1',
'url': 'http://defaultpathunsafe.example.com', 'url': 'http://defaultpathunsafe.example.com',
'site_url': 'http://defaultpathunsafe.example.com', 'site_url': 'http://defaultpathunsafe.example.com',
'secure_access': 'https://defaultpathunsafe.example.com', 'secure_access': 'https://defaultpathunsafe.example.com',
...@@ -6824,14 +6823,18 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6824,14 +6823,18 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'backend-client-caucase-url': backend_client_caucase_url, 'backend-client-caucase-url': backend_client_caucase_url,
'backend-connect-retries': '1', 'backend-connect-retries': '1',
'backend-connect-timeout': '2', 'backend-connect-timeout': '2',
'backend-haproxy-http-port': 21080,
'backend-haproxy-https-port': 21443,
'backend-haproxy-statistic-port': 21444,
'ciphers': 'ciphers', 'ciphers': 'ciphers',
'cluster-identification': 'testing partition 0', 'cluster-identification': 'testing partition 0',
'disk-cache-size': '8G',
'domain': 'example.com', 'domain': 'example.com',
'enable-http2-by-default': 'True', 'enable-http2-by-default': 'True',
'enable-http3': 'false', 'enable-http3': False,
'extra_slave_instance_list': '[]', 'extra_slave_instance_list': '[]',
'frontend-name': 'caddy-frontend-1', 'frontend-name': 'caddy-frontend-1',
'http3-port': '443', 'http3-port': 443,
'kedifa-caucase-url': kedifa_caucase_url, 'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com', 'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8411, 'monitor-httpd-port': 8411,
...@@ -6841,6 +6844,8 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6841,6 +6844,8 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'ram-cache-size': '512K', 'ram-cache-size': '512K',
're6st-verification-url': 're6st-verification-url', 're6st-verification-url': 're6st-verification-url',
'request-timeout': '100', 'request-timeout': '100',
'rotate-num': 4000,
'slave-introspection-https-port': 22443,
'slave-kedifa-information': '{}' 'slave-kedifa-information': '{}'
}, },
'caddy-frontend-2': { 'caddy-frontend-2': {
...@@ -6851,14 +6856,18 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6851,14 +6856,18 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'backend-client-caucase-url': backend_client_caucase_url, 'backend-client-caucase-url': backend_client_caucase_url,
'backend-connect-retries': '1', 'backend-connect-retries': '1',
'backend-connect-timeout': '2', 'backend-connect-timeout': '2',
'backend-haproxy-http-port': 21080,
'backend-haproxy-https-port': 21443,
'backend-haproxy-statistic-port': 21444,
'ciphers': 'ciphers', 'ciphers': 'ciphers',
'cluster-identification': 'testing partition 0', 'cluster-identification': 'testing partition 0',
'disk-cache-size': '8G',
'domain': 'example.com', 'domain': 'example.com',
'enable-http2-by-default': 'True', 'enable-http2-by-default': 'True',
'enable-http3': 'false', 'enable-http3': False,
'extra_slave_instance_list': '[]', 'extra_slave_instance_list': '[]',
'frontend-name': 'caddy-frontend-2', 'frontend-name': 'caddy-frontend-2',
'http3-port': '443', 'http3-port': 443,
'kedifa-caucase-url': kedifa_caucase_url, 'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com', 'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8412, 'monitor-httpd-port': 8412,
...@@ -6868,6 +6877,8 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6868,6 +6877,8 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'ram-cache-size': '256K', 'ram-cache-size': '256K',
're6st-verification-url': 're6st-verification-url', 're6st-verification-url': 're6st-verification-url',
'request-timeout': '100', 'request-timeout': '100',
'rotate-num': 4000,
'slave-introspection-https-port': 22443,
'slave-kedifa-information': '{}' 'slave-kedifa-information': '{}'
}, },
'caddy-frontend-3': { 'caddy-frontend-3': {
...@@ -6878,22 +6889,29 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6878,22 +6889,29 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'backend-client-caucase-url': backend_client_caucase_url, 'backend-client-caucase-url': backend_client_caucase_url,
'backend-connect-retries': '1', 'backend-connect-retries': '1',
'backend-connect-timeout': '2', 'backend-connect-timeout': '2',
'backend-haproxy-http-port': 21080,
'backend-haproxy-https-port': 21443,
'backend-haproxy-statistic-port': 21444,
'ciphers': 'ciphers', 'ciphers': 'ciphers',
'cluster-identification': 'testing partition 0', 'cluster-identification': 'testing partition 0',
'disk-cache-size': '8G',
'domain': 'example.com', 'domain': 'example.com',
'enable-http2-by-default': 'True', 'enable-http2-by-default': 'True',
'enable-http3': 'false', 'enable-http3': False,
'extra_slave_instance_list': '[]', 'extra_slave_instance_list': '[]',
'frontend-name': 'caddy-frontend-3', 'frontend-name': 'caddy-frontend-3',
'http3-port': '443', 'http3-port': 443,
'kedifa-caucase-url': kedifa_caucase_url, 'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com', 'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8413, 'monitor-httpd-port': 8413,
'monitor-username': 'admin', 'monitor-username': 'admin',
'plain_http_port': '11080', 'plain_http_port': '11080',
'port': '11443', 'port': '11443',
'ram-cache-size': '1G',
're6st-verification-url': 're6st-verification-url', 're6st-verification-url': 're6st-verification-url',
'request-timeout': '100', 'request-timeout': '100',
'rotate-num': 4000,
'slave-introspection-https-port': 22443,
'slave-kedifa-information': '{}' 'slave-kedifa-information': '{}'
}, },
'kedifa': { 'kedifa': {
...@@ -6904,6 +6922,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6904,6 +6922,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'monitor-cors-domains': 'monitor.app.officejs.com', 'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': '8402', 'monitor-httpd-port': '8402',
'monitor-username': 'admin', 'monitor-username': 'admin',
'rotate-num': 4000,
'slave-list': [] 'slave-list': []
}, },
'testing partition 0': { 'testing partition 0': {
...@@ -7086,7 +7105,7 @@ backend _health-check-connect-http ...@@ -7086,7 +7105,7 @@ backend _health-check-connect-http
timeout connect 5s timeout connect 5s
retries 3 retries 3
server _health-check-connect-backend-http %s check inter 5s""" server _health-check-connect-backend-http %s check inter 5s"""
""" rise 1 fall 2 """ rise 1 fall 1
timeout check 2s""" % (backend,), timeout check 2s""" % (backend,),
'health-check-custom': """\ 'health-check-custom': """\
backend _health-check-custom-http backend _health-check-custom-http
...@@ -7103,7 +7122,7 @@ backend _health-check-default-http ...@@ -7103,7 +7122,7 @@ backend _health-check-default-http
timeout connect 5s timeout connect 5s
retries 3 retries 3
server _health-check-default-backend-http %s check inter 5s""" server _health-check-default-backend-http %s check inter 5s"""
""" rise 1 fall 2 """ rise 1 fall 1
option httpchk GET / HTTP/1.1 option httpchk GET / HTTP/1.1
timeout check 2s""" % (backend, ) timeout check 2s""" % (backend, )
} }
......
...@@ -25,6 +25,7 @@ ...@@ -25,6 +25,7 @@
"monitor-httpd-port": "8402", "monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"rotate-num": 4000,
"slave-list": [] "slave-list": []
}, },
"full_address_list": [], "full_address_list": [],
...@@ -39,12 +40,24 @@ ...@@ -39,12 +40,24 @@
}, },
{ {
"_": { "_": {
"apache-certificate": "",
"apache-key": "",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990", "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"enable-http3": "false", "disk-cache-size": "8G",
"domain": "example.org",
"enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[]", "extra_slave_instance_list": "[]",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"http3-port": "443", "http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
...@@ -53,6 +66,11 @@ ...@@ -53,6 +66,11 @@
"monitor-username": "admin", "monitor-username": "admin",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{}" "slave-kedifa-information": "{}"
}, },
"full_address_list": [], "full_address_list": [],
......
...@@ -23,6 +23,7 @@ ...@@ -23,6 +23,7 @@
"monitor-httpd-port": "8402", "monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"rotate-num": 4000,
"slave-list": [] "slave-list": []
}, },
"full_address_list": [], "full_address_list": [],
...@@ -37,12 +38,24 @@ ...@@ -37,12 +38,24 @@
}, },
{ {
"_": { "_": {
"apache-certificate": "",
"apache-key": "",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990", "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"enable-http3": "false", "disk-cache-size": "8G",
"domain": "example.org",
"enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[]", "extra_slave_instance_list": "[]",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"http3-port": "443", "http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
...@@ -51,6 +64,11 @@ ...@@ -51,6 +64,11 @@
"monitor-username": "admin", "monitor-username": "admin",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{}" "slave-kedifa-information": "{}"
}, },
"full_address_list": [], "full_address_list": [],
......
...@@ -24,6 +24,7 @@ ...@@ -24,6 +24,7 @@
"monitor-httpd-port": "8402", "monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"rotate-num": 4000,
"slave-list": [] "slave-list": []
}, },
"full_address_list": [], "full_address_list": [],
...@@ -38,13 +39,24 @@ ...@@ -38,13 +39,24 @@
}, },
{ {
"_": { "_": {
"apache-certificate": "",
"apache-key": "",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990", "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"disk-cache-size": "8G",
"domain": "example.com", "domain": "example.com",
"enable-http3": "false", "enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[]", "extra_slave_instance_list": "[]",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"http3-port": "443", "http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
...@@ -53,6 +65,11 @@ ...@@ -53,6 +65,11 @@
"monitor-username": "admin", "monitor-username": "admin",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{}" "slave-kedifa-information": "{}"
}, },
"full_address_list": [], "full_address_list": [],
......
...@@ -33,6 +33,7 @@ ...@@ -33,6 +33,7 @@
"monitor-httpd-port": "8402", "monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"rotate-num": 4000,
"slave-list": [ "slave-list": [
{ {
"enable_cache": true, "enable_cache": true,
...@@ -53,13 +54,24 @@ ...@@ -53,13 +54,24 @@
}, },
{ {
"_": { "_": {
"apache-certificate": "",
"apache-key": "",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990", "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"disk-cache-size": "8G",
"domain": "example.com", "domain": "example.com",
"enable-http3": "false", "enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"http3-port": "443", "http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
...@@ -68,7 +80,11 @@ ...@@ -68,7 +80,11 @@
"monitor-username": "admin", "monitor-username": "admin",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": "http://@@_ipv4_address@@:@@_server_http_port@@/re6st.html", "re6st-verification-url": "http://@@_ipv4_address@@:@@_server_http_port@@/re6st.html",
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{\"_default\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@default_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@default_key-generate-auth-url@@/@@default_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@default_key-generate-auth-url@@?auth=\"}}" "slave-kedifa-information": "{\"_default\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@default_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@default_key-generate-auth-url@@/@@default_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@default_key-generate-auth-url@@?auth=\"}}"
}, },
"full_address_list": [], "full_address_list": [],
......
...@@ -36,6 +36,7 @@ ...@@ -36,6 +36,7 @@
"monitor-httpd-port": "8402", "monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"rotate-num": 4000,
"slave-list": [ "slave-list": [
{ {
"enable_cache": true, "enable_cache": true,
...@@ -56,13 +57,24 @@ ...@@ -56,13 +57,24 @@
}, },
{ {
"_": { "_": {
"apache-certificate": "",
"apache-key": "",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990", "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"disk-cache-size": "8G",
"domain": "example.com", "domain": "example.com",
"enable-http3": "false", "enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"http3-port": "443", "http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
...@@ -71,6 +83,11 @@ ...@@ -71,6 +83,11 @@
"monitor-username": "admin", "monitor-username": "admin",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{\"_replicate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@/@@replicate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@?auth=\"}}" "slave-kedifa-information": "{\"_replicate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@/@@replicate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@?auth=\"}}"
}, },
"full_address_list": [], "full_address_list": [],
...@@ -85,13 +102,24 @@ ...@@ -85,13 +102,24 @@
}, },
{ {
"_": { "_": {
"apache-certificate": "",
"apache-key": "",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990", "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"disk-cache-size": "8G",
"domain": "example.com", "domain": "example.com",
"enable-http3": "false", "enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-2", "frontend-name": "caddy-frontend-2",
"http3-port": "443", "http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
...@@ -100,6 +128,11 @@ ...@@ -100,6 +128,11 @@
"monitor-username": "admin", "monitor-username": "admin",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{\"_replicate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@/@@replicate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@?auth=\"}}" "slave-kedifa-information": "{\"_replicate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@/@@replicate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@?auth=\"}}"
}, },
"full_address_list": [], "full_address_list": [],
......
...@@ -41,6 +41,7 @@ ...@@ -41,6 +41,7 @@
"monitor-httpd-port": "8402", "monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"rotate-num": 4000,
"slave-list": [ "slave-list": [
{ {
"enable_cache": true, "enable_cache": true,
...@@ -67,14 +68,24 @@ ...@@ -67,14 +68,24 @@
}, },
{ {
"_": { "_": {
"apache-certificate": "",
"apache-key": "",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990", "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384", "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384",
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"disk-cache-size": "8G",
"domain": "example.com", "domain": "example.com",
"enable-http3": "false", "enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"ciphers\": \"ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256\", \"enable_cache\": true, \"slave_reference\": \"_own_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"ciphers\": \"ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256\", \"enable_cache\": true, \"slave_reference\": \"_own_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"http3-port": "443", "http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
...@@ -83,6 +94,11 @@ ...@@ -83,6 +94,11 @@
"monitor-username": "admin", "monitor-username": "admin",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{\"_default_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@/@@default_ciphers_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@?auth=\"}, \"_own_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@/@@default_ciphers_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@?auth=\"}}" "slave-kedifa-information": "{\"_default_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@/@@default_ciphers_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@?auth=\"}, \"_own_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@/@@default_ciphers_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@?auth=\"}}"
}, },
"full_address_list": [], "full_address_list": [],
......
...@@ -56,6 +56,7 @@ ...@@ -56,6 +56,7 @@
"monitor-httpd-port": "8402", "monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"rotate-num": 4000,
"slave-list": [ "slave-list": [
{ {
"custom_domain": "*.example.com", "custom_domain": "*.example.com",
...@@ -93,13 +94,24 @@ ...@@ -93,13 +94,24 @@
}, },
{ {
"_": { "_": {
"apache-certificate": "",
"apache-key": "",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990", "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"disk-cache-size": "8G",
"domain": "example.com", "domain": "example.com",
"enable-http3": "false", "enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[{\"custom_domain\": \"*.example.com\", \"server-alias\": \"example.com\", \"slave_reference\": \"_01wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/01wildcard\"}, {\"custom_domain\": \"*.alias1.example.com\", \"server-alias\": \"alias1.example.com\", \"slave_reference\": \"_02wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/02wildcard\"}, {\"custom_domain\": \"zspecific.example.com\", \"slave_reference\": \"_03zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/03zspecific\"}, {\"custom_domain\": \"zspecific.alias1.example.com\", \"slave_reference\": \"_04zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/04zspecific\"}]", "extra_slave_instance_list": "[{\"custom_domain\": \"*.example.com\", \"server-alias\": \"example.com\", \"slave_reference\": \"_01wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/01wildcard\"}, {\"custom_domain\": \"*.alias1.example.com\", \"server-alias\": \"alias1.example.com\", \"slave_reference\": \"_02wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/02wildcard\"}, {\"custom_domain\": \"zspecific.example.com\", \"slave_reference\": \"_03zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/03zspecific\"}, {\"custom_domain\": \"zspecific.alias1.example.com\", \"slave_reference\": \"_04zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/04zspecific\"}]",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"http3-port": "443", "http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
...@@ -108,7 +120,11 @@ ...@@ -108,7 +120,11 @@
"monitor-username": "admin", "monitor-username": "admin",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": "12", "request-timeout": "12",
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{\"_01wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@?auth=\"}, \"_02wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@?auth=\"}, \"_03zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@?auth=\"}, \"_04zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@?auth=\"}}" "slave-kedifa-information": "{\"_01wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@?auth=\"}, \"_02wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@?auth=\"}, \"_03zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@?auth=\"}, \"_04zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@?auth=\"}}"
}, },
"full_address_list": [], "full_address_list": [],
......
...@@ -34,6 +34,7 @@ ...@@ -34,6 +34,7 @@
"monitor-httpd-port": "8402", "monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"rotate-num": 4000,
"slave-list": [ "slave-list": [
{ {
"enable_cache": true, "enable_cache": true,
...@@ -56,13 +57,22 @@ ...@@ -56,13 +57,22 @@
"_": { "_": {
"apache-certificate": "@@certificate_pem@@", "apache-certificate": "@@certificate_pem@@",
"apache-key": "@@key_pem@@", "apache-key": "@@key_pem@@",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990", "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"disk-cache-size": "8G",
"domain": "example.com", "domain": "example.com",
"enable-http3": "false", "enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master_kedifa_overrides_master_certificate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master_kedifa_overrides_master_certificate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"http3-port": "443", "http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
...@@ -71,6 +81,11 @@ ...@@ -71,6 +81,11 @@
"monitor-username": "admin", "monitor-username": "admin",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{\"_ssl_from_master_kedifa_overrides_master_certificate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@/@@ssl_from_master_kedifa_overrides_master_certificate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@?auth=\"}}" "slave-kedifa-information": "{\"_ssl_from_master_kedifa_overrides_master_certificate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@/@@ssl_from_master_kedifa_overrides_master_certificate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@?auth=\"}}"
}, },
"full_address_list": [], "full_address_list": [],
......
...@@ -34,6 +34,7 @@ ...@@ -34,6 +34,7 @@
"monitor-httpd-port": "8402", "monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@", "monitor-password": "@@monitor-password@@",
"monitor-username": "admin", "monitor-username": "admin",
"rotate-num": 4000,
"slave-list": [ "slave-list": [
{ {
"enable_cache": true, "enable_cache": true,
...@@ -56,13 +57,22 @@ ...@@ -56,13 +57,22 @@
"_": { "_": {
"apache-certificate": "@@certificate_pem@@", "apache-certificate": "@@certificate_pem@@",
"apache-key": "@@key_pem@@", "apache-key": "@@key_pem@@",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990", "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0", "cluster-identification": "testing partition 0",
"disk-cache-size": "8G",
"domain": "example.com", "domain": "example.com",
"enable-http3": "false", "enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]", "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"http3-port": "443", "http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
...@@ -71,6 +81,11 @@ ...@@ -71,6 +81,11 @@
"monitor-username": "admin", "monitor-username": "admin",
"plain_http_port": "11080", "plain_http_port": "11080",
"port": "11443", "port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{\"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@ssl_from_master_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}}" "slave-kedifa-information": "{\"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@ssl_from_master_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}}"
}, },
"full_address_list": [], "full_address_list": [],
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment