caddy-frontend: Stabilise cached access

While reading templates/cached-virtualhost.conf.in it seems, that
SSL-enabled host shall be exposed, but this is not true -- it is
connecting to SSL backend, but listening on non-SSL.

In order to stabilise this add assertsion to test_enable_cache
which access cached ports directly and show its functionality, thus
resolving added TODO.

software/caddy-frontend/TODO.rst

 Generally things to be done with ``caddy-frontend``:
 
- * **CRITICAL** fix templates/cached-virtualhost.conf.in SSL-enabled hosts with proper test
  * ``apache-ca-certificate`` shall be merged with ``apache-certificate``
  * (new) ``type:websocket`` slave
  * ``type:eventsource`` https://lab.nexedi.com/nexedi/slapos/merge_requests/312#note_58483

software/caddy-frontend/buildout.hash.cfg

@@ -54,7 +54,7 @@ md5sum = 9568465d1c1423343f7b043c8345f917
 
 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in
-md5sum = eafc7e73d7fe47ba9930343bcb876d63
+md5sum = 811b4fca0668b84655372687f234ee81
 
 [template-log-access]
 filename = templates/template-log-access.conf.in

software/caddy-frontend/templates/cached-virtualhost.conf.in

@@ -2,15 +2,15 @@
 {% set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
 {% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
 {%- set host_list = [slave_parameter.get('custom_domain')] + server_alias_list -%}
-{%- set http_host_list = [] %}
-{%- set https_host_list = [] %}
+{%- set http_backend_host_list = [] %}
+{%- set https_backend_host_list = [] %}
 {%- for host in host_list %}
-{%-   do http_host_list.append('http://%s:%s' % (host, cached_port)) %}
-{%-   do https_host_list.append('http://%s:%s' % (host, ssl_cached_port)) %}
+{%-   do http_backend_host_list.append('http://%s:%s' % (host, cached_port)) %}
+{%-   do https_backend_host_list.append('http://%s:%s' % (host, ssl_cached_port)) %}
 {%- endfor %}
 
 # Only accept generic (i.e not Zope) backends on http
-{{ http_host_list|join(', ') }} {
+{{ http_backend_host_list|join(', ') }} {
   bind {{ local_ipv4 }}
 {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
     status 501 /
@@ -33,12 +33,11 @@
   }
 }
 
-{{ https_host_list|join(', ') }} {
+{{ https_backend_host_list|join(', ') }} {
   bind {{ local_ipv4 }}
 {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
     status 501 /
 {%- endif %}
-##  tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }}
   proxy / {{ slave_parameter.get('https_backend_url', '') }} {
     # As backend is trusting REMOTE_USER header unset it always
     header_upstream -REMOTE_USER

software/caddy-frontend/test/test.py

@@ -1727,6 +1727,42 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
        'Set-Cookie': 'secured=value;secure, nonsecured=value'}
     )
 
+    result_direct = self.fakeHTTPResult(
+      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
+      port=26011)
+
+    self.assertEqualResultJson(result_direct, 'Path', '/test-path')
+
+    try:
+      j = result_direct.json()
+    except Exception:
+      raise ValueError('JSON decode problem in:\n%s' % (result_direct.text,))
+    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
+
+    self.assertEqual(
+      result_direct.headers['Set-Cookie'],
+      'secured=value;secure, nonsecured=value'
+    )
+
+    result_direct_https_backend = self.fakeHTTPResult(
+      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
+      port=26012)
+
+    self.assertEqualResultJson(
+      result_direct_https_backend, 'Path', '/test-path')
+
+    try:
+      j = result_direct_https_backend.json()
+    except Exception:
+      raise ValueError('JSON decode problem in:\n%s' % (
+        result_direct_https_backend.text,))
+    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
+
+    self.assertEqual(
+      result_direct_https_backend.headers['Set-Cookie'],
+      'secured=value;secure, nonsecured=value'
+    )
+
   def test_enable_cache_disable_no_cache_request(self):
     parameter_dict = self.slave_connection_parameter_dict_dict[
       'enable_cache-disable-no-cache-request']