Skip to content

slapos
slapos

rapid-cdn: Handle correctly wildcard domains 

While generating haproxy configuration (including it's CRT list) the specific
order of entries is used, so that wildcard domains end up last. Thanks to this
they work as a catch-all and allow specific domain to take precedence. Care
is taken to support *.example.example.com and *.example.com situation - so
tree like possibility of wildcards.

Anonymous in-place ACL are used per each domain, instead of per-shared
instance grouping in order to avoid situation like *.example.com and
example.com having single ACL, thus resulting with catch-all kicking in too
fast.

For the precision in the haproxy configuration and simplifcation of the regular
expressions the -m reg is used, so that host_only can be applied, which also
lowercases the hostname.

Notes:
 * test00cluster_request_instance_parameter_dict changed due to sorting slaves
   in test's requestSlaves
 * the test infrastructure has been improved to assure repetition of the
   situation
 * tests in TestSlaveHostHaproxyClash are asserting that correct domain AND
   that specific certificate have been used while serving given frontend
   configuration
2 jobs for fix/rapid-cdn-wildcard-host-match in 0 seconds
a039c8cf a039c8cf147dddb8c72da243f3298c78ce0bfd9e
1 related merge request: !1434 Fix/rapid cdn wildcard host match
Status Job ID Name Coverage
  External
passed #613533
external
SlapOS.SoftwareReleases.IntegrationTest-luke/fix/rapid-cdn-wildcard-host-match

04:01:11

passed #613459
external retried
SlapOS.SoftwareReleases.IntegrationTest-luke/fix/rapid-cdn-wildcard-host-match

04:43:07

 
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7