Commit 87dea848 authored by Łukasz Nowak's avatar Łukasz Nowak

rapid-cdn: Implement node-level experimental QUIC

parent 6d1202a5
......@@ -468,3 +468,15 @@ websocket
~~~~~~~~~
All frontends are websocket aware now, and ``type:websocket`` parameter became optional. It's required if support for ``websocket-path-list`` or ``websocket-transparent`` is required.
Experimental QuicTLS
~~~~~~~~~~~~~~~~~~~~
`QuicTLS <https://github.com/quictls/openssl>`_ can be used instead of classic OpenSSL on given node by using parameter ``-frontend-i-experimental-haproxy-flavour`` and setting it to ``quic``. This allows to test out if there are any issues with QuicTLS are with normal usage.
Experimental QUIC
~~~~~~~~~~~~~~~~~
QUIC with HTTP3 is available as experimental feature. It has to be enabled on each node separately by using ``-frontend-i-experimental-haproxy-quic``. Then given node will reply with proper headers on HTTPS to advertise QUIC. Please note that ``-frontend-i-experimental-haproxy-flavour`` has to be set to ``quic`` on this node too.
Note that then all frontends will be served with QUIC advertised on such node, so it's important to run such experiments very carefully, for example on same zone/region with DNS.
......@@ -22,11 +22,11 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-frontend]
filename = instance-frontend.cfg.in
md5sum = b519b264956ad6ee43615ee535f41e6d
md5sum = daf89318c2c155132c34b91105c68806
[profile-master]
filename = instance-master.cfg.in
md5sum = b235bcf15d12b477736258b790054c59
md5sum = b026a6df40f3d1090ceaa3451a9293fe
[profile-slave-list]
filename = instance-slave-list.cfg.in
......@@ -38,7 +38,7 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181
[template-frontend-haproxy-configuration]
_update_hash_filename_ = templates/frontend-haproxy.cfg.in
md5sum = e73d1b96224cac7d866b0d2e1eecfecb
md5sum = 4af0e29ac2399aac10de116b4fa3ac25
[template-frontend-haproxy-crt-list]
_update_hash_filename_ = templates/frontend-haproxy-crt-list.in
......
{% import "caucase" as caucase with context %}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{%- if instance_parameter_dict.get('configuration.frontend-haproxy-flavour', 'basic') == 'quic' %}
{%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %}
{%- if instance_parameter_dict.get('configuration.frontend-haproxy-quic', 'false').lower() in TRUE_VALUES %}
{%- set FRONTEND_HAPROXY_QUIC = True %}
{%- else %}
{%- set FRONTEND_HAPROXY_QUIC = False %}
{%- endif %}
{%- else %}
{%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_executable'] %}
{%- set FRONTEND_HAPROXY_QUIC = False %}
{%- endif %}
{%- set BACKEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_executable'] %}
[buildout]
extends =
{{ software_parameter_dict['profile_common'] }}
......@@ -472,6 +484,7 @@ slave-introspection-graceful-command = ${slave-introspection-validate:output} &&
local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
version-hash = ${version-hash:value}
node-id = ${frontend-node-id:value}
quic = {{ FRONTEND_HAPROXY_QUIC }}
# BBB: SlapOS Master non-zero knowledge BEGIN
[get-self-signed-fallback-access]
......@@ -693,7 +706,7 @@ url = {{ software_parameter_dict['template_validate_script'] }}
output = ${directory:bin}/frontend-haproxy-validate
mode = 0700
last_state_file = ${directory:run}/frontend_haproxy_configuration_last_state
validate_command = {{ software_parameter_dict['haproxy_executable'] }} -f ${frontend-haproxy-configuration:file} -c
validate_command = {{ FRONTEND_HAPROXY_EXECUTABLE }} -f ${frontend-haproxy-configuration:file} -c
extra-context =
raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find
key validate_command :validate_command
......@@ -706,7 +719,7 @@ url = {{ software_parameter_dict['template_validate_script'] }}
output = ${directory:bin}/backend-haproxy-validate
mode = 0700
last_state_file = ${directory:run}/backend_haproxy_configuration_last_state
validate_command = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} -c
validate_command = {{ BACKEND_HAPROXY_EXECUTABLE }} -f ${backend-haproxy-configuration:file} -c
extra-context =
raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find
key validate_command :validate_command
......@@ -810,7 +823,7 @@ node-id = ${frontend-node-id:value}
[frontend-haproxy]
recipe = slapos.cookbook:wrapper
command-line = {{ software_parameter_dict['haproxy_executable'] }} -f ${frontend-haproxy-configuration:file}
command-line = {{ FRONTEND_HAPROXY_EXECUTABLE }} -f ${frontend-haproxy-configuration:file}
wrapper-path = ${directory:service}/frontend-haproxy
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
......@@ -828,7 +841,7 @@ extra-context =
[backend-haproxy]
recipe = slapos.cookbook:wrapper
command-line = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file}
command-line = {{ BACKEND_HAPROXY_EXECUTABLE }} -f ${backend-haproxy-configuration:file}
wrapper-path = ${directory:service}/backend-haproxy
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
......@@ -893,7 +906,7 @@ extra-context =
url = {{ software_parameter_dict['template_validate_script'] }}
output = ${directory:bin}/backend-haproxy-validate
last_state_file = ${directory:run}/backend_haproxy_configuration_last_state
validate_command = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} -c
validate_command = {{ BACKEND_HAPROXY_EXECUTABLE }} -f ${backend-haproxy-configuration:file} -c
extra-context =
raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find
key validate_command :validate_command
......
......@@ -167,6 +167,10 @@ context =
{% do frontend_section_list.append(request_section_title) %}
{% endif %}
{% do part_list.append(request_section_title) %}
{% set frontend_haproxy_flavour_key = "-frontend-%s-experimental-haproxy-flavour" % i %}
{% do config_dict.__setitem__('frontend-haproxy-flavour', slapparameter_dict.get(frontend_haproxy_flavour_key) or 'basic') %}
{% set frontend_haproxy_quic_key = "-frontend-%s-experimental-haproxy-quic" % i %}
{% do config_dict.__setitem__('frontend-haproxy-quic', slapparameter_dict.get(frontend_haproxy_quic_key) or 'False') %}
# Filling request dict for slave
{% set request_content_dict = {
'config': config_dict,
......
......@@ -105,6 +105,7 @@ bin_directory = ${buildout:bin-directory}
nginx = ${nginx-output:nginx}
nginx_mime = ${nginx-output:mime}
haproxy_executable = ${haproxy:location}/sbin/haproxy
haproxy_quic_executable = ${haproxy-quic:location}/sbin/haproxy
rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd
curl = ${curl:location}
dash = ${dash:location}
......
{%- if configuration['quic'] == 'True' %}
{%- set QUIC = True %}
{%- else %}
{%- set QUIC = False %}
{%- endif %}
global
pidfile {{ configuration['pid-file'] }}
# master-worker is compatible with foreground with process management
......@@ -74,6 +79,13 @@ frontend http-frontend
frontend https-frontend
bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }}
bind {{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }}
{%- if QUIC %}
bind quic4@{{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
http-response set-header alt-svc "h3=\":%fp\";ma=900;"
{#- Ask Chromium to use QUIC #}
http-response set-header alternate-protocol %fp:quic
{%- endif %}
{{ frontend_common() }}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', False) }}
......
......@@ -6758,6 +6758,8 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'domain': 'example.com',
'enable-http2-by-default': 'True',
'extra_slave_instance_list': '[]',
'frontend-haproxy-flavour': 'basic',
'frontend-haproxy-quic': 'False',
'frontend-name': 'caddy-frontend-1',
'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com',
......@@ -6783,6 +6785,8 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'domain': 'example.com',
'enable-http2-by-default': 'True',
'extra_slave_instance_list': '[]',
'frontend-haproxy-flavour': 'basic',
'frontend-haproxy-quic': 'False',
'frontend-name': 'caddy-frontend-2',
'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com',
......@@ -6808,6 +6812,8 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'domain': 'example.com',
'enable-http2-by-default': 'True',
'extra_slave_instance_list': '[]',
'frontend-haproxy-flavour': 'basic',
'frontend-haproxy-quic': 'False',
'frontend-name': 'caddy-frontend-3',
'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com',
......
......@@ -104,6 +104,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -106,6 +106,8 @@
"domain": "example.com",
"enable-http2-by-default": "false",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -62,6 +62,8 @@
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0",
"extra_slave_instance_list": "[]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -60,6 +60,8 @@
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"cluster-identification": "testing partition 0",
"extra_slave_instance_list": "[]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -62,6 +62,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -76,6 +76,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -76,6 +76,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -80,6 +80,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......@@ -117,6 +119,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-2",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -787,6 +787,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"authenticate-to-backend\": true, \"slave_reference\": \"_Url\", \"url\": \" http://@@_ipv4_address@@:@@_server_http_port@@//?a=b&c= \"}, {\"authenticate-to-backend\": true, \"slave_reference\": \"_auth-to-backend\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/\"}, {\"authenticate-to-backend\": true, \"slave_reference\": \"_auth-to-backend-backend-ignore\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_auth-to-backend-not-configured\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/\"}, {\"slave_reference\": \"_bad-backend\", \"url\": \"http://bad.backend/\"}, {\"ciphers\": \"RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA\", \"slave_reference\": \"_ciphers\"}, {\"ciphers\": \"ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-AES256-CBC-SHA ECDHE-RSA-AES128-CBC-SHA ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA RSA-AES256-CBC-SHA RSA-AES128-CBC-SHA ECDHE-RSA-3DES-EDE-CBC-SHA RSA-3DES-EDE-CBC-SHA\", \"slave_reference\": \"_ciphers-translation-all\"}, {\"custom_domain\": \"mycustomdomain.example.com\", \"slave_reference\": \"_custom_domain\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"mycustomdomainserveralias.example.com\", \"server-alias\": \"mycustomdomainserveralias1.example.com\", \"slave_reference\": \"_custom_domain_server_alias\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkey.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkeysslcacrt.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"*.customdomain.example.com\", \"slave_reference\": \"_custom_domain_wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disabled-cookie-list\": \"Coconut Chocolate Vanilia\", \"slave_reference\": \"_disabled-cookie-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disabled-cookie-list\": \"Chocolate\", \"slave_reference\": \"_disabled-cookie-list-simple\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_empty\"}, {\"slave_reference\": \"_enable-http2-default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable-http2\": false, \"slave_reference\": \"_enable-http2-false\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"slave_reference\": \"_enable_cache\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disable-no-cache-request\": true, \"enable_cache\": true, \"slave_reference\": \"_enable_cache-disable-no-cache-request\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disable-via-header\": true, \"enable_cache\": true, \"slave_reference\": \"_enable_cache-disable-via-header\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"https-only\": false, \"slave_reference\": \"_enable_cache-https-only-false\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainenablecache.example.com\", \"enable_cache\": true, \"slave_reference\": \"_enable_cache_custom_domain\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"server-alias\": \"enablecacheserveralias1.example.com\", \"slave_reference\": \"_enable_cache_server_alias\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": false, \"slave_reference\": \"_https-only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https\", \"https-url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\", \"slave_reference\": \"_https-url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/http\"}, {\"monitor-ipv4-test\": \"monitor-ipv4-test\", \"slave_reference\": \"_monitor-ipv4-test\"}, {\"monitor-ipv6-test\": \"monitor-ipv6-test\", \"slave_reference\": \"_monitor-ipv6-test\"}, {\"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_prefer-gzip-encoding-to-backend\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_prefer-gzip-encoding-to-backend-https-only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"alias1.example.com alias2.example.com\", \"slave_reference\": \"_server-alias\", \"strict-transport-security\": \"200\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"alias3.example.com\", \"slave_reference\": \"_server-alias-duplicated\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"\", \"slave_reference\": \"_server-alias-empty\", \"strict-transport-security\": \"200\", \"strict-transport-security-sub-domains\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"*.alias1.example.com\", \"slave_reference\": \"_server-alias-wildcard\", \"strict-transport-security\": \"200\", \"strict-transport-security-preload\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"alias4.example.com\", \"server-alias\": \"\", \"slave_reference\": \"_server-alias_custom_domain-duplicated\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify-unverified\", \"ssl-proxy-verify\": true, \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify_ssl_proxy_ca_crt\", \"ssl-proxy-verify\": true, \"ssl_proxy_ca_crt\": \"@@test_server_ca.certificate_pem_double@@\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify_ssl_proxy_ca_crt-unverified\", \"ssl-proxy-verify\": true, \"ssl_proxy_ca_crt\": \"@@another_server_ca.certificate_pem_double@@\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_does_not_match\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_garbage\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": false, \"https-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"slave_reference\": \"_type-redirect\", \"type\": \"redirect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomaintyperedirect.example.com\", \"slave_reference\": \"_type-redirect-custom_domain\", \"type\": \"redirect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-websocket\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-websocket-websocket-path-list\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-path-list\": \"////ws//// /with%20space/\"}, {\"slave_reference\": \"_type-websocket-websocket-path-list-websocket-transparent-false\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-path-list\": \"////ws//// /with%20space/\", \"websocket-transparent\": \"false\"}, {\"slave_reference\": \"_type-websocket-websocket-transparent-false\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-transparent\": \"false\"}, {\"slave_reference\": \"_type-zope\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"default-path\": \"///default-path/to/some/resource///\", \"slave_reference\": \"_type-zope-default-path\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"path\": \"///path/to/some/resource///\", \"slave_reference\": \"_type-zope-path\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_type-zope-prefer-gzip-encoding-to-backend\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_type-zope-prefer-gzip-encoding-to-backend-https-only\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"slave_reference\": \"_type-zope-virtualhostroot-http-port\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"virtualhostroot-http-port\": \"12345\"}, {\"slave_reference\": \"_type-zope-virtualhostroot-https-port\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"virtualhostroot-https-port\": \"12345\"}, {\"slave_reference\": \"_url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\"}, {\"backend-connect-retries\": 5, \"backend-connect-timeout\": 10, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https\", \"request-timeout\": 15, \"slave_reference\": \"_url_https-url\", \"strict-transport-security\": \"200\", \"strict-transport-security-preload\": true, \"strict-transport-security-sub-domains\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/http\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -92,6 +92,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"ciphers\": \"ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256\", \"enable_cache\": true, \"slave_reference\": \"_own_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -281,6 +281,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"health-check\": true, \"health-check-http-method\": \"CONNECT\", \"slave_reference\": \"_health-check-connect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-fall\": \"7\", \"health-check-http-method\": \"POST\", \"health-check-http-path\": \"/POST-path to be encoded\", \"health-check-http-version\": \"HTTP/1.0\", \"health-check-interval\": \"15\", \"health-check-rise\": \"3\", \"health-check-timeout\": \"7\", \"slave_reference\": \"_health-check-custom\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"slave_reference\": \"_health-check-default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_health-check-disabled\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"health-check\": true, \"health-check-failover-https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=\", \"health-check-http-path\": \"/health-check-failover-url\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-authenticate-to-failover-backend\": true, \"health-check-failover-https-url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-url?a=b&c=\", \"health-check-http-path\": \"/health-check-failover-url-auth-to-backend\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url-auth-to-backend\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-failover-https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=\", \"health-check-failover-url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\", \"health-check-http-path\": \"/health-check-failover-url\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-ca-crt\": \"@@test_server_ca.certificate_pem_double@@\", \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verified\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verified\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verify-missing\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verify-missing\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-ca-crt\": \"@@another_server_ca.certificate_pem_double@@\", \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verify-unverified\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verify-unverified\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -89,6 +89,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"custom_domain\": \"*.alias1.example.com\", \"slave_reference\": \"_wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/wildcard\"}, {\"custom_domain\": \"zspecific.alias1.example.com\", \"slave_reference\": \"_zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/zspecific\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -240,6 +240,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"custom_domain\": \"customdomainsslcrtsslkey.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key\", \"ssl_crt\": \"@@customdomain_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkeysslcacrt.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@customdomain_ca_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_does_not_match\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@certificate_pem_double@@\", \"ssl_key\": \"@@key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_garbage\", \"ssl_ca_crt\": \"some garbage\", \"ssl_crt\": \"@@sslcacrtgarbage_ca_certificate_pem_double@@\", \"ssl_key\": \"@@sslcacrtgarbage_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_master_kedifa_overrides\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave\", \"ssl_crt\": \"@@ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master_kedifa_overrides\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -80,6 +80,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master_kedifa_overrides_master_certificate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
......@@ -80,6 +80,8 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment