Commit f6b5db04 authored by Łukasz Nowak's avatar Łukasz Nowak

rapid-cdn: Workaround typical configuration problem

Unfortunately real world deployment is using iptables, which is not consistent
regarding the port advertised to in case of UDP, thus it's required to force
the user to set the "virtual" listening port.
parent 30a19c69
...@@ -479,4 +479,6 @@ Experimental QUIC ...@@ -479,4 +479,6 @@ Experimental QUIC
QUIC with HTTP3 is available as experimental feature. It has to be enabled on each node separately by using ``-frontend-i-experimental-haproxy-quic``. Then given node will reply with proper headers on HTTPS to advertise QUIC. Please note that ``-frontend-i-experimental-haproxy-flavour`` has to be set to ``quic`` on this node too. QUIC with HTTP3 is available as experimental feature. It has to be enabled on each node separately by using ``-frontend-i-experimental-haproxy-quic``. Then given node will reply with proper headers on HTTPS to advertise QUIC. Please note that ``-frontend-i-experimental-haproxy-flavour`` has to be set to ``quic`` on this node too.
Please note that due to limitations of iptables method used to expose low ports, the ``-frontend-i-experimental-quic-port`` is by default ``443``, which is used when advertisting the QUIC/HTTP3 port to the client.
Note that then all frontends will be served with QUIC advertised on such node, so it's important to run such experiments very carefully, for example on same zone/region with DNS. Note that then all frontends will be served with QUIC advertised on such node, so it's important to run such experiments very carefully, for example on same zone/region with DNS.
...@@ -22,11 +22,11 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68 ...@@ -22,11 +22,11 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-frontend] [profile-frontend]
filename = instance-frontend.cfg.in filename = instance-frontend.cfg.in
md5sum = daf89318c2c155132c34b91105c68806 md5sum = 08d4476548f21a85a2e4701e5f65154d
[profile-master] [profile-master]
filename = instance-master.cfg.in filename = instance-master.cfg.in
md5sum = b026a6df40f3d1090ceaa3451a9293fe md5sum = 2aaab85bad51136b38f6a16d662a7b3e
[profile-slave-list] [profile-slave-list]
filename = instance-slave-list.cfg.in filename = instance-slave-list.cfg.in
...@@ -38,7 +38,7 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181 ...@@ -38,7 +38,7 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181
[template-frontend-haproxy-configuration] [template-frontend-haproxy-configuration]
_update_hash_filename_ = templates/frontend-haproxy.cfg.in _update_hash_filename_ = templates/frontend-haproxy.cfg.in
md5sum = 4af0e29ac2399aac10de116b4fa3ac25 md5sum = 6f9205190e42841d6e368b8eda710b73
[template-frontend-haproxy-crt-list] [template-frontend-haproxy-crt-list]
_update_hash_filename_ = templates/frontend-haproxy-crt-list.in _update_hash_filename_ = templates/frontend-haproxy-crt-list.in
......
{% import "caucase" as caucase with context %} {% import "caucase" as caucase with context %}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%} {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{%- set QUIC_PORT = instance_parameter_dict.get('configuration.frontend-quic-port', '443') %}
{%- if instance_parameter_dict.get('configuration.frontend-haproxy-flavour', 'basic') == 'quic' %} {%- if instance_parameter_dict.get('configuration.frontend-haproxy-flavour', 'basic') == 'quic' %}
{%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %} {%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %}
{%- if instance_parameter_dict.get('configuration.frontend-haproxy-quic', 'false').lower() in TRUE_VALUES %} {%- if instance_parameter_dict.get('configuration.frontend-haproxy-quic', 'false').lower() in TRUE_VALUES %}
...@@ -485,6 +486,7 @@ local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }} ...@@ -485,6 +486,7 @@ local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
version-hash = ${version-hash:value} version-hash = ${version-hash:value}
node-id = ${frontend-node-id:value} node-id = ${frontend-node-id:value}
quic = {{ FRONTEND_HAPROXY_QUIC }} quic = {{ FRONTEND_HAPROXY_QUIC }}
quic-port = {{ QUIC_PORT }}
# BBB: SlapOS Master non-zero knowledge BEGIN # BBB: SlapOS Master non-zero knowledge BEGIN
[get-self-signed-fallback-access] [get-self-signed-fallback-access]
......
...@@ -171,6 +171,8 @@ context = ...@@ -171,6 +171,8 @@ context =
{% do config_dict.__setitem__('frontend-haproxy-flavour', slapparameter_dict.get(frontend_haproxy_flavour_key) or 'basic') %} {% do config_dict.__setitem__('frontend-haproxy-flavour', slapparameter_dict.get(frontend_haproxy_flavour_key) or 'basic') %}
{% set frontend_haproxy_quic_key = "-frontend-%s-experimental-haproxy-quic" % i %} {% set frontend_haproxy_quic_key = "-frontend-%s-experimental-haproxy-quic" % i %}
{% do config_dict.__setitem__('frontend-haproxy-quic', slapparameter_dict.get(frontend_haproxy_quic_key) or 'False') %} {% do config_dict.__setitem__('frontend-haproxy-quic', slapparameter_dict.get(frontend_haproxy_quic_key) or 'False') %}
{% set frontend_quic_port_key = "-frontend-%s-experimental-quic-port" % i %}
{% do config_dict.__setitem__('frontend-quic-port', slapparameter_dict.get(frontend_quic_port_key) or '443') %}
# Filling request dict for slave # Filling request dict for slave
{% set request_content_dict = { {% set request_content_dict = {
'config': config_dict, 'config': config_dict,
......
...@@ -82,9 +82,9 @@ frontend https-frontend ...@@ -82,9 +82,9 @@ frontend https-frontend
{%- if QUIC %} {%- if QUIC %}
bind quic4@{{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3 bind quic4@{{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3 bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
http-response set-header alt-svc "h3=\":%fp\";ma=900;" http-response set-header alt-svc "h3=\":{{ configuration['quic-port'] }}\"; ma=900"
{#- Ask Chromium to use QUIC #} {#- Ask Chromium to use QUIC #}
http-response set-header alternate-protocol %fp:quic http-response set-header alternate-protocol {{ configuration['quic-port'] }}:quic
{%- endif %} {%- endif %}
{{ frontend_common() }} {{ frontend_common() }}
{%- for slave_instance in frontend_slave_list -%} {%- for slave_instance in frontend_slave_list -%}
......
...@@ -6761,6 +6761,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6761,6 +6761,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'frontend-haproxy-flavour': 'basic', 'frontend-haproxy-flavour': 'basic',
'frontend-haproxy-quic': 'False', 'frontend-haproxy-quic': 'False',
'frontend-name': 'caddy-frontend-1', 'frontend-name': 'caddy-frontend-1',
'frontend-quic-port': '443',
'kedifa-caucase-url': kedifa_caucase_url, 'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com', 'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8411, 'monitor-httpd-port': 8411,
...@@ -6788,6 +6789,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6788,6 +6789,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'frontend-haproxy-flavour': 'basic', 'frontend-haproxy-flavour': 'basic',
'frontend-haproxy-quic': 'False', 'frontend-haproxy-quic': 'False',
'frontend-name': 'caddy-frontend-2', 'frontend-name': 'caddy-frontend-2',
'frontend-quic-port': '443',
'kedifa-caucase-url': kedifa_caucase_url, 'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com', 'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8412, 'monitor-httpd-port': 8412,
...@@ -6815,6 +6817,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase): ...@@ -6815,6 +6817,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'frontend-haproxy-flavour': 'basic', 'frontend-haproxy-flavour': 'basic',
'frontend-haproxy-quic': 'False', 'frontend-haproxy-quic': 'False',
'frontend-name': 'caddy-frontend-3', 'frontend-name': 'caddy-frontend-3',
'frontend-quic-port': '443',
'kedifa-caucase-url': kedifa_caucase_url, 'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com', 'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8413, 'monitor-httpd-port': 8413,
......
...@@ -107,6 +107,7 @@ ...@@ -107,6 +107,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -109,6 +109,7 @@ ...@@ -109,6 +109,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -65,6 +65,7 @@ ...@@ -65,6 +65,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -63,6 +63,7 @@ ...@@ -63,6 +63,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -65,6 +65,7 @@ ...@@ -65,6 +65,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -79,6 +79,7 @@ ...@@ -79,6 +79,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -79,6 +79,7 @@ ...@@ -79,6 +79,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -83,6 +83,7 @@ ...@@ -83,6 +83,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
...@@ -122,6 +123,7 @@ ...@@ -122,6 +123,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-2", "frontend-name": "caddy-frontend-2",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -790,6 +790,7 @@ ...@@ -790,6 +790,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -95,6 +95,7 @@ ...@@ -95,6 +95,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -284,6 +284,7 @@ ...@@ -284,6 +284,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -92,6 +92,7 @@ ...@@ -92,6 +92,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -243,6 +243,7 @@ ...@@ -243,6 +243,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -83,6 +83,7 @@ ...@@ -83,6 +83,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
...@@ -83,6 +83,7 @@ ...@@ -83,6 +83,7 @@
"frontend-haproxy-flavour": "basic", "frontend-haproxy-flavour": "basic",
"frontend-haproxy-quic": "False", "frontend-haproxy-quic": "False",
"frontend-name": "caddy-frontend-1", "frontend-name": "caddy-frontend-1",
"frontend-quic-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090", "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@", "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com", "monitor-cors-domains": "monitor.app.officejs.com",
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment