Commit c8ef7db5 authored by Łukasz Nowak's avatar Łukasz Nowak Committed by Łukasz Nowak

Feature/caddy frontend path normalization

/reviewed-on nexedi/slapos!487
parent dddb4d20
......@@ -58,7 +58,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in
md5sum = e21bf673c35f049e7457ec78de9a1964
md5sum = 55d0ca695318d7d6111742f4b37fe1b8
[template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in
......
......@@ -42,12 +42,25 @@
log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
errors {{ slave_parameter.get('error_log') }}
{%- if prefer_gzip and not (slave_type == 'zope' and backend_url) %}
{%- if not (slave_type == 'zope' and backend_url) %}
{% if prefer_gzip %}
rewrite {
regexp (.*)
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
to /prefer-gzip{uri}
to /prefer-gzip{1}
}
rewrite {
regexp (.*)
if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
to {1}
}
{% else %}
rewrite {
regexp (.*)
to {1}
}
{%- endif %} {#- if prefer_gzip and not (slave_type == 'zope' and backend_url) #}
{% endif %}
{%- endif %} {#- if not (slave_type == 'zope' and backend_url) #}
{%- if slave_type == 'zope' and backend_url %}
# Zope configuration
......@@ -105,7 +118,7 @@
{%- elif slave_type == 'redirect' and backend_url %} {#- if slave_type == 'zope' and backend_url #}
# Redirect configuration
redir 302 {
/ {{ backend_url }}{uri}
/ {{ backend_url }}{rewrite_uri}
} {# redir #}
{%- else %} {#- if slave_type == 'zope' and backend_url #}
# Default configuration
......@@ -163,20 +176,33 @@
log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
errors {{ slave_parameter.get('error_log') }}
{%- if prefer_gzip and not (slave_type == 'zope' and backend_url) %}
{%- if not (slave_type == 'zope' and backend_url) %}
{%- if prefer_gzip %}
rewrite {
regexp (.*)
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
to /prefer-gzip{uri}
to /prefer-gzip{1}
}
rewrite {
regexp (.*)
if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
to {1}
}
{% else %}
rewrite {
regexp (.*)
to {1}
}
{%- endif %} {#- if prefer_gzip and not (slave_type == 'zope' and backend_url) #}
{% endif %}
{%- endif %} {#- if not (slave_type == 'zope' and backend_url) #}
{%- if https_only %}
# Enforced redirection to SSL-enabled host
redir / https://{host}{uri}
redir / https://{host}{rewrite_uri}
{%- elif slave_type == 'redirect' and slave_parameter.get('url', '') %} {#- if https_only #}
# Redirect configuration
redir 302 {
/ {{ slave_parameter.get('url', '') }}{uri}
/ {{ slave_parameter.get('url', '') }}{rewrite_uri}
} {# redir #}
{%- elif slave_type == 'zope' and backend_url %} {#- if https_only #}
# Zope configuration
......
......@@ -1161,13 +1161,14 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
try:
j = result.json()
......@@ -1186,8 +1187,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
)
result_http = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqualResultJson(result_http, 'Path', '/test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqualResultJson(result_http, 'Path', '/test-path/deeper')
try:
j = result_http.json()
......@@ -1252,7 +1254,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
......@@ -1262,7 +1265,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
result,
'Path',
'/VirtualHostBase/https//'
'typezopepath.example.com:443/path/VirtualHostRoot/test-path'
'typezopepath.example.com:443/path/VirtualHostRoot/test-path/deeper'
)
def test_type_zope_default_path(self):
......@@ -1309,25 +1312,28 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = self.fakeHTTPSResult(
'alias1.example.com', parameter_dict['public-ipv4'], 'test-path')
'alias1.example.com', parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = self.fakeHTTPSResult(
'alias2.example.com', parameter_dict['public-ipv4'], 'test-path')
'alias2.example.com', parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
......@@ -1525,19 +1531,21 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result_http = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
'https://httpsonly.example.com/test-path',
'https://httpsonly.example.com/test-path/deeper',
result_http.headers['Location']
)
......@@ -1631,7 +1639,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
......@@ -1647,17 +1656,18 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
result,
'Path',
'/VirtualHostBase/https//typezope.example.com:443/'
'/VirtualHostRoot/test-path'
'/VirtualHostRoot/test-path/deeper'
)
result = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqualResultJson(
result,
'Path',
'/VirtualHostBase/http//typezope.example.com:80/'
'/VirtualHostRoot/test-path'
'/VirtualHostRoot/test-path/deeper'
)
def test_type_zope_prefer_gzip_encoding_to_backend(self):
......@@ -1678,7 +1688,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
......@@ -1695,22 +1706,24 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'Path',
'/VirtualHostBase/https//'
'typezopeprefergzipencodingtobackend.example.com:443/'
'/VirtualHostRoot/test-path'
'/VirtualHostRoot/test-path/deeper'
)
result = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqualResultJson(
result,
'Path',
'/VirtualHostBase/http//'
'typezopeprefergzipencodingtobackend.example.com:80/'
'/VirtualHostRoot/test-path'
'/VirtualHostRoot/test-path/deeper'
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'})
self.assertEqual(
......@@ -1728,13 +1741,14 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'Path',
'/VirtualHostBase/https//'
'typezopeprefergzipencodingtobackend.example.com:443/'
'/VirtualHostRoot/test-path'
'/VirtualHostRoot/test-path/deeper'
)
self.assertEqual(
'gzip', result.json()['Incoming Headers']['accept-encoding'])
result = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'})
self.assertEqualResultJson(
......@@ -1742,7 +1756,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'Path',
'/VirtualHostBase/http//'
'typezopeprefergzipencodingtobackend.example.com:80/'
'/VirtualHostRoot/test-path'
'/VirtualHostRoot/test-path/deeper'
)
self.assertEqual(
'gzip', result.json()['Incoming Headers']['accept-encoding'])
......@@ -1821,7 +1835,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path',
NGINX_HTTPS_PORT)
self.assertEqual(
......@@ -1830,6 +1845,17 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.assertEqualResultJson(result, 'Path', '/test-path')
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test/terminals/websocket/test',
NGINX_HTTPS_PORT)
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/terminals/websocket')
@skip('Feature postponed')
def test_type_websocket(self):
# Pure websocket configurable frontend
......@@ -1903,14 +1929,15 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqual(
'%s/test-path' % (self.backend_url,),
'%s/test-path/deeper' % (self.backend_url,),
result.headers['Location']
)
......@@ -2066,7 +2093,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
......@@ -2078,7 +2106,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
)
result_http = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deeper')
self.assertEqual(
httplib.BAD_GATEWAY,
......@@ -2105,13 +2134,14 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
headers = result.headers.copy()
......@@ -2472,13 +2502,14 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
headers = result.headers.copy()
......@@ -2760,40 +2791,44 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'gzip, deflate'})
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertEqual(
'gzip', result.json()['Incoming Headers']['accept-encoding'])
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper',
headers={'Accept-Encoding': 'deflate'})
self.assertEqualResultJson(result, 'Path', '/test-path')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
self.assertEqual(
'deflate', result.json()['Incoming Headers']['accept-encoding'])
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqualResultJson(result, 'Path', '/test-path')
self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
def test_disabled_cookie_list(self):
parameter_dict = self.parseSlaveParameterDict('disabled-cookie-list')
......@@ -3018,17 +3053,19 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/https/test-path')
self.assertEqualResultJson(result, 'Path', '/https/test-path/deeper')
result_http = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqualResultJson(result_http, 'Path', '/http/test-path')
parameter_dict['domain'], parameter_dict['public-ipv4'],
'test-path/deep/.././deeper')
self.assertEqualResultJson(result_http, 'Path', '/http/test-path/deeper')
class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin):
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment