Commit 478ca801 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Solve ATS configuration asymmetry

Accessing http with path starting with /HTTPS/ would result with 503 responses
from ATS itself.

Test is covering the problem and also asserting that fix does not damage https
access with path starting with /HTTP/
parent 3c9ab2c1
Pipeline #15472 failed with stage
in 0 seconds
...@@ -22,7 +22,7 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68 ...@@ -22,7 +22,7 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-caddy-frontend] [profile-caddy-frontend]
filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
md5sum = a6a626fd1579fd1d4b80ea67433ca16a md5sum = dd6542a91746e6e3720eaa1590792dbe
[profile-caddy-replicate] [profile-caddy-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
...@@ -30,7 +30,7 @@ md5sum = 1248911409cbeea980a838b04ee451d2 ...@@ -30,7 +30,7 @@ md5sum = 1248911409cbeea980a838b04ee451d2
[profile-slave-list] [profile-slave-list]
_update_hash_filename_ = templates/apache-custom-slave-list.cfg.in _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
md5sum = 8ce1d5bf09662d941f940be7e6493918 md5sum = a745fb8d61a7e2646e3aa55edf73e5a6
[profile-replicate-publish-slave-information] [profile-replicate-publish-slave-information]
_update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
......
...@@ -508,7 +508,7 @@ filename = logging.yaml ...@@ -508,7 +508,7 @@ filename = logging.yaml
{%- raw %} {%- raw %}
template = inline: template = inline:
map /HTTPS/ http://{{ ipv4 }}:{{ https_port }} map /HTTPS/ http://{{ ipv4 }}:{{ https_port }}
map / http://{{ ipv4 }}:{{ http_port }} map /HTTP/ http://{{ ipv4 }}:{{ http_port }}
{%- endraw %} {%- endraw %}
extra-context = extra-context =
raw ipv4 {{ instance_parameter_dict['ipv4-random'] }} raw ipv4 {{ instance_parameter_dict['ipv4-random'] }}
......
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
{%- set frontend_slave_list = [] %} {%- set frontend_slave_list = [] %}
{%- set part_list = [] %} {%- set part_list = [] %}
{%- set cache_port = caddy_configuration.get('cache-port') %} {%- set cache_port = caddy_configuration.get('cache-port') %}
{%- set cache_access = "http://%s:%s" % (instance_parameter_dict['ipv4-random'], cache_port) %} {%- set cache_access = "http://%s:%s/HTTP" % (instance_parameter_dict['ipv4-random'], cache_port) %}
{%- set ssl_cache_access = "http://%s:%s/HTTPS" % (instance_parameter_dict['ipv4-random'], cache_port) %} {%- set ssl_cache_access = "http://%s:%s/HTTPS" % (instance_parameter_dict['ipv4-random'], cache_port) %}
{%- set backend_haproxy_http_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['http-port']) %} {%- set backend_haproxy_http_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['http-port']) %}
{%- set backend_haproxy_https_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['https-port']) %} {%- set backend_haproxy_https_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['https-port']) %}
......
...@@ -1485,6 +1485,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1485,6 +1485,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'enable_cache': True, 'enable_cache': True,
'disable-via-header': True, 'disable-via-header': True,
}, },
'enable_cache-https-only': {
'url': cls.backend_url,
'https-only': False,
'enable_cache': True,
},
'enable-http2-false': { 'enable-http2-false': {
'url': cls.backend_url, 'url': cls.backend_url,
'enable-http2': False, 'enable-http2': False,
...@@ -1681,9 +1686,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1681,9 +1686,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address, 'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'domain': 'example.com', 'domain': 'example.com',
'accepted-slave-amount': '50', 'accepted-slave-amount': '51',
'rejected-slave-amount': '0', 'rejected-slave-amount': '0',
'slave-amount': '50', 'slave-amount': '51',
'rejected-slave-dict': { 'rejected-slave-dict': {
}, },
'warning-slave-dict': { 'warning-slave-dict': {
...@@ -3669,6 +3674,61 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3669,6 +3674,61 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
result.headers['Location'] result.headers['Location']
) )
def test_enable_cache_https_only(self):
parameter_dict = self.assertSlaveBase('enable_cache-https-only')
result = fakeHTTPSResult(
parameter_dict['domain'],
'test-path/deep/.././deeper', headers={
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
'revalidate=3600, stale-if-error=3600'})
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
headers = result.headers.copy()
self.assertKeyWithPop('Server', headers)
self.assertKeyWithPop('Date', headers)
self.assertKeyWithPop('Age', headers)
# drop keys appearing randomly in headers
headers.pop('Transfer-Encoding', None)
headers.pop('Content-Length', None)
headers.pop('Connection', None)
headers.pop('Keep-Alive', None)
self.assertEqual(
{
'Content-type': 'application/json',
'Set-Cookie': 'secured=value;secure, nonsecured=value',
'Cache-Control': 'max-age=1, stale-while-revalidate=3600, '
'stale-if-error=3600'
},
headers
)
result = fakeHTTPResult(
parameter_dict['domain'],
'HTTPS/test', headers={
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
'revalidate=3600, stale-if-error=3600'})
self.assertEqual(httplib.OK, result.status_code)
self.assertEqualResultJson(result, 'Path', '/HTTPS/test')
headers = result.headers.copy()
result = fakeHTTPSResult(
parameter_dict['domain'],
'HTTP/test', headers={
'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
'revalidate=3600, stale-if-error=3600'})
self.assertEqual(httplib.OK, result.status_code)
self.assertEqualResultJson(result, 'Path', '/HTTP/test')
headers = result.headers.copy()
def test_enable_cache(self): def test_enable_cache(self):
parameter_dict = self.assertSlaveBase('enable_cache') parameter_dict = self.assertSlaveBase('enable_cache')
......
...@@ -55,6 +55,9 @@ T-2/var/log/httpd/_enable_cache-disable-no-cache-request_error_log ...@@ -55,6 +55,9 @@ T-2/var/log/httpd/_enable_cache-disable-no-cache-request_error_log
T-2/var/log/httpd/_enable_cache-disable-via-header_access_log T-2/var/log/httpd/_enable_cache-disable-via-header_access_log
T-2/var/log/httpd/_enable_cache-disable-via-header_backend_log T-2/var/log/httpd/_enable_cache-disable-via-header_backend_log
T-2/var/log/httpd/_enable_cache-disable-via-header_error_log T-2/var/log/httpd/_enable_cache-disable-via-header_error_log
T-2/var/log/httpd/_enable_cache-https-only_access_log
T-2/var/log/httpd/_enable_cache-https-only_backend_log
T-2/var/log/httpd/_enable_cache-https-only_error_log
T-2/var/log/httpd/_enable_cache_access_log T-2/var/log/httpd/_enable_cache_access_log
T-2/var/log/httpd/_enable_cache_backend_log T-2/var/log/httpd/_enable_cache_backend_log
T-2/var/log/httpd/_enable_cache_custom_domain_access_log T-2/var/log/httpd/_enable_cache_custom_domain_access_log
......
...@@ -55,6 +55,9 @@ T-2/var/log/httpd/_enable_cache-disable-no-cache-request_error_log ...@@ -55,6 +55,9 @@ T-2/var/log/httpd/_enable_cache-disable-no-cache-request_error_log
T-2/var/log/httpd/_enable_cache-disable-via-header_access_log T-2/var/log/httpd/_enable_cache-disable-via-header_access_log
T-2/var/log/httpd/_enable_cache-disable-via-header_backend_log T-2/var/log/httpd/_enable_cache-disable-via-header_backend_log
T-2/var/log/httpd/_enable_cache-disable-via-header_error_log T-2/var/log/httpd/_enable_cache-disable-via-header_error_log
T-2/var/log/httpd/_enable_cache-https-only_access_log
T-2/var/log/httpd/_enable_cache-https-only_backend_log
T-2/var/log/httpd/_enable_cache-https-only_error_log
T-2/var/log/httpd/_enable_cache_access_log T-2/var/log/httpd/_enable_cache_access_log
T-2/var/log/httpd/_enable_cache_backend_log T-2/var/log/httpd/_enable_cache_backend_log
T-2/var/log/httpd/_enable_cache_custom_domain_access_log T-2/var/log/httpd/_enable_cache_custom_domain_access_log
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment