Thank to escaping whole command-line it is possible to process buildout
dangerous strings, like ${section:option}, pass them to the wrapper,
instead of killing the whole profile processing.

If the value does not contain "," drop its contents instead of stopping
processing of the whole profile.

Features:

 * jinja2 is used to generate instance templates
 * downloads are done the same way for all resources
 * create with shared content for all instance profiles
 * fill in instance-common with shared sections
 * render templates late in order to ease its extenension and development
 * drop not needd duplicated section
 * drop slap-parameter in frontend and replicate template
 * simplify monitor configuration
 * move instance-parameter to instance file
   Thanks to this only one and topmost profile is reponsible for parsing and
   passing through the information which comes from the network

In those places caddy_custom_https (and it's backward compatbility companion
apache_custom_https) was not checked, thus making it impossible to just use
https customisation, without http one.

caddy_custom_http and caddy_custom_https are implemented and exposed
instead of apache_custom_http and apache_custom_https, but with backward
compatbility for the latter form from apache-frontend.

In TODO mark missing usage of custom http found during work on this commit.

Therte is no need to control whitespace adding by Jijna2 and dropping it
simplifies the templates.

It will allow to take better control over generated configuration files.

404 is served with notfound.html

Those kept are backward compatibility variables from the request.

Caddy is able to bind only to all or one interface
( https://github.com/mholt/caddy/issues/864 )

By using 6tunnel this limitation is workarounded, and in the result listen on IPv6.

Also drop needless "ipv6" keys across configuration.

As the the feature ssl_proxy_ca_crt is not implemented serve immediately
501 Not Implemented.

Features:

 * shared place for Caddy configuration
 * gather a lot of parameters for caddy executable, as dislike Apache
   Caddy is configured from command line
 * dummy vhost for example.org
 * challanges (ACME SSL) are disabled
 * bind to interfaces are done per site
 * cache access is dummy, but working
 * /server-status redone in Caddy style
 * antiloris dropped, as this is apache specific
 * apache_custom_http and apache_custom_https
 * dropped not needed leftover access-control-string and protected-path
 * nginx replacement added
 * bin/caddy-wrapper is provided in order to allow parameterization of caddy
   over the network
 * access to log files over http is provided
   * username on log access is consistent, it is not uppercased like it was
     originally on apache-frontend
 * list of TODOs in TODO.rst

This will make it easier to track changes.

Do not upper filenames nor users, use them as is.

/reviewed-on nexedi/slapos!339

No custom_http nor custom_https shall publish information normally calculated.

/reviewed-on nexedi/slapos!340

_ (underscore) is not supported by apache as domain name
(https://bugzilla.redhat.com/show_bug.cgi?id=1410130), so avoid using it.

/reviewed-on nexedi/slapos!320

  Wait for 60 to reload apache configuration in order to accumulate
  several logrotate runs.

  If the amount of slaves are too high, the number of logs are high,
  so the entries on logrotate are also high. So it is enough to DDoS
  with a huge amount of 'kill -1', so delay is the only way to avoid
  to re-implement logrotate existing features.

  Only reload the apache configuration if the the apache configuration
  or the certificates contains a change, else don't reload it.

  Keep a command on bin folder to force reload of configuration in
  case it is required.

  Introduce NGINX on the same partition of apache to handle websocket\
  and eventsource types.

  The NGINX will run on another port and it would require a second ip at
  the machine for enable it.

  This configuration is a working version with fully https support, but
  some additional adjustments might be required.

  Reduce a bit the number of sections also for create directories
  Move all 'set's and 'do's to earliest as possible, to keep buildout syntax more evident
  Drop duplicated logics and 'if's reducing general code

  Use 2 different ports on apache for cached slaves, to differ http and https accesses.
  Introduce the parameter https-url (with fallback to url) to include specific https urls,
    if they are different from url.
  Include /HTTPS/ mapping to traffic server to differ the backends based on the input.

apache-frontend: Slave with cache now have dedicated virtualhost, add checkProxyCertificate, Strip Via header option