{% set obsolete_message = "This software type doesn't exist anymore. Please see documentation at XXXX" -%}
{% set obsolete_message = "This software type doesn't exist anymore. Please ask Rapid.Space team to switch your services to the correct software types (gNB, eNB and Core Network)" -%}
{% set part_list = [] -%}
{%- for i, slave in enumerate(slave_instance_list) %}
* ``-frontend-config-i-foo``: Frontend i will be requested with parameter foo, supported parameters are:
* ``ram-cache-size``
* ``disk-cache-size``
* ``enable-http3``
* ``http3-port``
* ``-sla-i-foo`` : where "i" is the number of the concerned frontend (between 1 and "-frontend-quantity") and "foo" a sla parameter.
For example::
...
...
@@ -480,17 +482,3 @@ websocket
~~~~~~~~~
All frontends are websocket aware now, and ``type:websocket`` parameter became optional. It's required if support for ``websocket-path-list`` or ``websocket-transparent`` is required.
Experimental QuicTLS
~~~~~~~~~~~~~~~~~~~~
`QuicTLS <https://github.com/quictls/openssl>`_ can be used instead of classic OpenSSL on given node by using parameter ``-frontend-i-experimental-haproxy-flavour`` and setting it to ``quic``. This allows to test out if there are any issues with QuicTLS are with normal usage.
Experimental QUIC
~~~~~~~~~~~~~~~~~
QUIC with HTTP3 is available as experimental feature. It has to be enabled on each node separately by using ``-frontend-i-experimental-haproxy-quic``. Then given node will reply with proper headers on HTTPS to advertise QUIC. Please note that ``-frontend-i-experimental-haproxy-flavour`` has to be set to ``quic`` on this node too.
Please note that due to limitations of iptables method used to expose low ports, the ``-frontend-i-experimental-quic-port`` is by default ``443``, which is used when advertisting the QUIC/HTTP3 port to the client.
Note that then all frontends will be served with QUIC advertised on such node, so it's important to run such experiments very carefully, for example on same zone/region with DNS.
"description":"Globally enable HTTP3 protocol. Can be precisely set on each node by -frontend-i-config-enable-http3",
"enum":[
"true",
"false"
],
"type":"string"
},
"http3-port":{
"default":443,
"title":"Real advertised HTTP3 port",
"description":"As most common deloyment is using iptables for port redirection and in case of udp it is advertising to the process it's bind port instead of the really connected to, it's required to manually set this port for the whole cluster. Can be precisely set on each node by -frontend-i-config-http3-port",
"type":"integer"
},
"re6st-verification-url":{
"description":"Url to verify if the internet and/or re6stnet is working.",
# The presence of sla parameters is checked and added if found
{% set NODE_DEFAULT_KEY_VALUE = {
'enable-http3': 'false',
'http3-port': '443'
} %}
{% for i in range(1, frontend_quantity + 1) %}
{% set frontend_name = "%s-%s" % (NAME_BASE, i) %}
{% set request_section_title = 'request-%s' % frontend_name %}
...
...
@@ -153,9 +158,20 @@ context =
{% do sla_dict.__setitem__(key[sla_key_length:], slapparameter_dict.pop(key)) %}
# We check for specific configuration regarding the frontend
{% elif key.startswith(config_key) %}
{% do config_dict.__setitem__(key[config_key_length:], slapparameter_dict.pop(key)) %}
{% set node_config_key = key[config_key_length:] %}
{% if node_config_key in ('enable-http3', 'http3-port') %}
{% do config_dict.__setitem__(node_config_key, slapparameter_dict.pop(key) or slapparameter_dict.get(node_config_key) or NODE_DEFAULT_KEY_VALUE[node_config_key]) %}
{% else %}
{% do config_dict.__setitem__(node_config_key, slapparameter_dict.pop(key)) %}
{% endif %}
{% endif %}
{% endfor %}
{% if 'http3-port' not in config_dict %}
{% do config_dict.__setitem__('http3-port', slapparameter_dict.get('http3-port') or NODE_DEFAULT_KEY_VALUE['http3-port']) %}
{% endif %}
{% if 'enable-http3' not in config_dict %}
{% do config_dict.__setitem__('enable-http3', slapparameter_dict.get('enable-http3') or NODE_DEFAULT_KEY_VALUE['enable-http3']) %}
{% endif %}
{% do config_dict.__setitem__('monitor-httpd-port', frontend_monitor_httpd_base_port + i) %}
{% do config_dict.__setitem__('backend-client-caucase-url', caucase_url) %}
{% set state_key = "-frontend-%s-state" % i %}
...
...
@@ -165,12 +181,6 @@ context =
{% do frontend_section_list.append(request_section_title) %}
{% endif %}
{% do part_list.append(request_section_title) %}
{% set frontend_haproxy_flavour_key = "-frontend-%s-experimental-haproxy-flavour" % i %}
{% do config_dict.__setitem__('frontend-haproxy-flavour', slapparameter_dict.get(frontend_haproxy_flavour_key) or 'basic') %}
{% set frontend_haproxy_quic_key = "-frontend-%s-experimental-haproxy-quic" % i %}
{% do config_dict.__setitem__('frontend-haproxy-quic', slapparameter_dict.get(frontend_haproxy_quic_key) or 'False') %}
{% set frontend_quic_port_key = "-frontend-%s-experimental-quic-port" % i %}
{% do config_dict.__setitem__('frontend-quic-port', slapparameter_dict.get(frontend_quic_port_key) or '443') %}
{%- do slave_instance.__setitem__(prefix, info_dict) %}
{%- endfor %}
{%- do slave_instance.__setitem__('health-check-failover-ssl-proxy-verify', ('' ~ slave_instance.get('health-check-failover-ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
{%- do slave_instance.__setitem__('enable-http2', ('' ~ slave_instance.get('enable-http2', configuration['enable-http2-by-default'])).lower() in TRUE_VALUES) %}
{%- for key in ['https-only', 'websocket-transparent'] %}
{%- do slave_instance.__setitem__(key, ('' ~ slave_instance.get(key, 'true')).lower() in TRUE_VALUES) %}
{%- endfor %}
...
...
@@ -239,6 +232,18 @@ context =
{%- endif %}
{%- do slave_instance.__setitem__('host_list', host_list) %}
{%- do slave_instance.__setitem__('type', slave_instance.get('type', '')) %}
{%- if slave_instance['type'] in ['notebook', 'websocket'] %}
{#- For websocket like sites forcibly disable HTTP2 and HTTP3 #}
{%- do slave_instance.__setitem__('enable-http2', False) %}
{%- do slave_instance.__setitem__('enable-http3', False) %}
{%- else %}
{%- do slave_instance.__setitem__('enable-http2', ('' ~ slave_instance.get('enable-http2', configuration['enable-http2-by-default'])).lower() in TRUE_VALUES) %}
{%- if slave_instance['enable-http2'] %}
{%- do slave_instance.__setitem__('enable-http3', ('' ~ slave_instance.get('enable-http3', configuration['enable-http3'])).lower() in TRUE_VALUES) %}
{%- else %}
{%- do slave_instance.__setitem__('enable-http3', False) %}
{%- endif %}
{%- endif %}
{%- set websocket_path_list = [] %}
{%- for websocket_path in slave_instance.get('websocket-path-list', '').split() %}
{%- set websocket_path = websocket_path.strip('/') %}
...
...
@@ -250,11 +255,14 @@ context =
{%- endfor %}
{%- do slave_instance.__setitem__('websocket-path-list', websocket_path_list) %}
{#- Handle alpn negotiation -#}
{%- if slave_instance['type'] in ['notebook', 'websocket'] or not slave_instance['enable-http2'] %}
{# websocket style needs http 1.1 max, just like non-http2 frontends #}
{%- do slave_instance.__setitem__('alpn', ALPN_HTTP11) %}
{%- if not slave_instance['enable-http2'] %}
{%- do slave_instance.__setitem__('alpn', "alpn http/1.1,http/1.0") %}
{%- else %}
{%- do slave_instance.__setitem__('alpn', ALPN_HTTP2PLUS) %}
{%- if http3_enable.lower() in TRUE_VALUES and slave_instance['enable-http3'] %}
{%- do slave_instance.__setitem__('alpn', "alpn h3,h2,http/1.1,http/1.0") %}
{%- else %}
{%- do slave_instance.__setitem__('alpn', "alpn h2,http/1.1,http/1.0") %}