Commit 9b9adb87 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Fix prefer-gzip with https-only

Due to missing test and rare condition, if https-only and
prefer-gzip-encoding-to-backend were true accessing http:// of the
slave resulted with redirecting to the https:// url with prefer-gzip
added to the path, which is fixed and tested here.
parent de298104
Pipeline #6523 failed with stage
...@@ -54,7 +54,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b ...@@ -54,7 +54,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = 9a984febd7fa14a4ea94599f3e83139c md5sum = b5447e33658b8a81b75275630f9da119
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
......
...@@ -73,7 +73,7 @@ ...@@ -73,7 +73,7 @@
} }
{%- if not (slave_type == 'zope' and backend_url) %} {%- if not (slave_type == 'zope' and backend_url) %}
{% if prefer_gzip %} {% if prefer_gzip and not (not tls and https_only) %}
rewrite { rewrite {
regexp (.*) regexp (.*)
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
...@@ -138,7 +138,7 @@ ...@@ -138,7 +138,7 @@
/ {scheme}://{host}/{{ default_path }} / {scheme}://{host}/{{ default_path }}
} {# redir #} } {# redir #}
{%- endif %} {#- if default_path #} {%- endif %} {#- if default_path #}
{%- if prefer_gzip %} {%- if prefer_gzip and not (not tls and https_only) %}
rewrite { rewrite {
regexp (.*) regexp (.*)
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
......
...@@ -1186,6 +1186,12 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1186,6 +1186,12 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'prefer-gzip-encoding-to-backend': 'true', 'prefer-gzip-encoding-to-backend': 'true',
'type': 'zope', 'type': 'zope',
}, },
'type-zope-prefer-gzip-encoding-to-backend-https-only': {
'url': cls.backend_url,
'prefer-gzip-encoding-to-backend': 'true',
'type': 'zope',
'https-only': 'true',
},
'type-zope-ssl-proxy-verify_ssl_proxy_ca_crt': { 'type-zope-ssl-proxy-verify_ssl_proxy_ca_crt': {
'url': cls.backend_https_url, 'url': cls.backend_https_url,
'type': 'zope', 'type': 'zope',
...@@ -1337,6 +1343,11 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1337,6 +1343,11 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'url': cls.backend_url, 'url': cls.backend_url,
'prefer-gzip-encoding-to-backend': 'true', 'prefer-gzip-encoding-to-backend': 'true',
}, },
'prefer-gzip-encoding-to-backend-https-only': {
'url': cls.backend_url,
'prefer-gzip-encoding-to-backend': 'true',
'https-only': 'true',
},
'disabled-cookie-list': { 'disabled-cookie-list': {
'url': cls.backend_url, 'url': cls.backend_url,
'disabled-cookie-list': 'Chocolate Vanilia', 'disabled-cookie-list': 'Chocolate Vanilia',
...@@ -1430,9 +1441,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1430,9 +1441,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
expected_parameter_dict = { expected_parameter_dict = {
'monitor-base-url': 'https://[%s]:13000' % self._ipv6_address, 'monitor-base-url': 'https://[%s]:13000' % self._ipv6_address,
'domain': 'example.com', 'domain': 'example.com',
'accepted-slave-amount': '52', 'accepted-slave-amount': '54',
'rejected-slave-amount': '0', 'rejected-slave-amount': '0',
'slave-amount': '52', 'slave-amount': '54',
'rejected-slave-dict': { 'rejected-slave-dict': {
} }
} }
...@@ -2310,6 +2321,86 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -2310,6 +2321,86 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.assertEqual( self.assertEqual(
'gzip', result.json()['Incoming Headers']['accept-encoding']) 'gzip', result.json()['Incoming Headers']['accept-encoding'])
def test_type_zope_prefer_gzip_encoding_to_backend_https_only(self):
parameter_dict = self.assertSlaveBase(
'type-zope-prefer-gzip-encoding-to-backend-https-only')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
try:
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys())
self.assertEqualResultJson(
result,
'Path',
'/VirtualHostBase/https//'
'typezopeprefergzipencodingtobackendhttpsonly.example.com:443/'
'/VirtualHostRoot/test-path/deeper'
)
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
httplib.FOUND,
result.status_code
)
self.assertEqual(
'https://%s/test-path/deep/.././deeper' % (parameter_dict['domain'],),
result.headers['Location']
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'})
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
try:
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys())
self.assertEqualResultJson(
result,
'Path',
'/VirtualHostBase/https//'
'typezopeprefergzipencodingtobackendhttpsonly.example.com:443/'
'/VirtualHostRoot/test-path/deeper'
)
self.assertEqual(
'gzip', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'})
self.assertEqual(
httplib.FOUND,
result.status_code
)
self.assertEqual(
'https://%s/test-path/deep/.././deeper' % (parameter_dict['domain'],),
result.headers['Location']
)
def test_type_zope_virtualhostroot_http_port(self): def test_type_zope_virtualhostroot_http_port(self):
parameter_dict = self.assertSlaveBase( parameter_dict = self.assertSlaveBase(
'type-zope-virtualhostroot-http-port') 'type-zope-virtualhostroot-http-port')
...@@ -3661,6 +3752,140 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -3661,6 +3752,140 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.assertEqualResultJson(result, 'Path', '/test-path/deeper') self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'})
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertEqual(
'gzip', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'deflate'})
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertEqual(
'deflate', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
def test_prefer_gzip_encoding_to_backend_https_only(self):
parameter_dict = self.assertSlaveBase(
'prefer-gzip-encoding-to-backend-https-only')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'})
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertEqual(
'gzip', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'deflate'})
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertEqual(
'deflate', result.json()['Incoming Headers']['accept-encoding'])
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'})
self.assertEqual(
httplib.FOUND,
result.status_code
)
self.assertEqual(
'https://%s/test-path/deeper' % (parameter_dict['domain'],),
result.headers['Location']
)
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'deflate'})
self.assertEqual(
httplib.FOUND,
result.status_code
)
self.assertEqual(
'https://%s/test-path/deeper' % (parameter_dict['domain'],),
result.headers['Location']
)
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
httplib.FOUND,
result.status_code
)
self.assertEqual(
'https://%s/test-path/deeper' % (parameter_dict['domain'],),
result.headers['Location']
)
result = fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
httplib.FOUND,
result.status_code
)
self.assertEqual(
'https://%s/test-path/deeper' % (parameter_dict['domain'],),
result.headers['Location']
)
def test_disabled_cookie_list(self): def test_disabled_cookie_list(self):
parameter_dict = self.assertSlaveBase('disabled-cookie-list') parameter_dict = self.assertSlaveBase('disabled-cookie-list')
......
...@@ -70,6 +70,8 @@ T-2/var/log/httpd/_monitor-ipv4-test_access_log ...@@ -70,6 +70,8 @@ T-2/var/log/httpd/_monitor-ipv4-test_access_log
T-2/var/log/httpd/_monitor-ipv4-test_error_log T-2/var/log/httpd/_monitor-ipv4-test_error_log
T-2/var/log/httpd/_monitor-ipv6-test_access_log T-2/var/log/httpd/_monitor-ipv6-test_access_log
T-2/var/log/httpd/_monitor-ipv6-test_error_log T-2/var/log/httpd/_monitor-ipv6-test_error_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
T-2/var/log/httpd/_re6st-optimal-test_access_log T-2/var/log/httpd/_re6st-optimal-test_access_log
...@@ -110,6 +112,8 @@ T-2/var/log/httpd/_type-zope-default-path_access_log ...@@ -110,6 +112,8 @@ T-2/var/log/httpd/_type-zope-default-path_access_log
T-2/var/log/httpd/_type-zope-default-path_error_log T-2/var/log/httpd/_type-zope-default-path_error_log
T-2/var/log/httpd/_type-zope-path_access_log T-2/var/log/httpd/_type-zope-path_access_log
T-2/var/log/httpd/_type-zope-path_error_log T-2/var/log/httpd/_type-zope-path_error_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_access_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_error_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_access_log T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_access_log
T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_error_log T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_error_log
T-2/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_access_log T-2/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_access_log
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment