Update Release Candidate

2a3328a1 · Łukasz Nowak · 74018d53 · b1d87ee2 · 2a3328a1 · 2a3328a1
Commit 2a3328a1 authored Jan 17, 2019 by Łukasz Nowak
30 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -14,7 +14,7 @@
 # not need these here).
 [template]
 filename = instance.cfg.in
-md5sum = d43a1631bcd0f4307507268a06f0fac2
+md5sum = de7e30546a952e306e2a74f8492ab419
 [template-common]
 filename = instance-common.cfg.in
@@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
 [template-apache-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = 47150a0f4c9ff6f71753b93e03db05e7
+md5sum = 2c8e1dd8df4a225b4a8d8f70688a85ca
 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
@@ -30,7 +30,7 @@ md5sum = 6a86edb96b171fbd0a59d0adc9cc906b
 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = 232ee8c086db6f452e0c98e3869a2433
+md5sum = 4b06918875e889f850c5aca0d8c57796
 [template-slave-configuration]
 filename = templates/custom-virtualhost.conf.in
@@ -58,7 +58,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
-md5sum = 3b9d7c04206da76edb40740a51e4063c
+md5sum = a0b5a3dbf7b1d6622a52173ef5a90e72
 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in

--- a/software/caddy-frontend/instance-apache-frontend.cfg.in
+++ b/software/caddy-frontend/instance-apache-frontend.cfg.in
@@ -201,6 +201,7 @@ extra-context =
    key login_key ca-frontend:key-file
    key login_ca_crt ca-custom-frontend:rendered
    key enable_http2_by_default configuration:enable-http2-by-default
+    key global_disable_http2 configuration:global-disable-http2
    key access_log caddy-configuration:access-log
    key error_log caddy-configuration:error-log
    key sixtunnel_executable :sixtunnel_executable
@@ -258,7 +259,11 @@ environment =
 command-line = {{ parameter_dict['caddy'] }}
  -conf ${dynamic-caddy-frontend-template:rendered}
  -log stdout
+{% if instance_parameter['configuration.global-disable-http2'].lower() in TRUE_VALUES %}
+  -http2=false
+{% else %}
  -http2=true
+{% endif %}
 {% if instance_parameter['configuration.enable-quic'].lower() in TRUE_VALUES %}
  -quic
 {% endif %}
@@ -716,7 +721,11 @@ environment =
 command-line = {{ parameter_dict['caddy'] }}
  -conf ${dynamic-nginx-frontend-template:rendered}
  -log stdout
+{% if instance_parameter['configuration.global-disable-http2'].lower() in TRUE_VALUES %}
+  -http2=false
+{% else %}
  -http2=true
+{% endif %}
  -grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s
  -disable-http-challenge
  -disable-tls-sni-challenge

--- a/software/caddy-frontend/instance-caddy-input-schema.json
+++ b/software/caddy-frontend/instance-caddy-input-schema.json
@@ -45,6 +45,16 @@
      "title": "Enable HTTP2 by Default",
      "type": "string"
    },
+    "global-disable-http2": {
+      "default": "false",
+      "description": "Disables globally HTTP2 in Caddy, thus enable-http2-by-default here and enable-http2 have no effect. Rational is that in some loaded environments it is better to run Caddy without any HTTP2 capabilities.",
+      "enum": [
+        "true",
+        "false"
+      ],
+      "title": "Globally disable HTTP2",
+      "type": "string"
+    },
    "mpm-graceful-shutdown-timeout": {
      "default": 5,
      "description": "Value passed to -grace parameter of Caddy, see https://caddyserver.com/docs/cli .",

--- a/software/caddy-frontend/instance.cfg.in
+++ b/software/caddy-frontend/instance.cfg.in
@@ -97,6 +97,7 @@ configuration.trafficserver-autoconf-port = 8083
 configuration.trafficserver-mgmt-port = 8084
 configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html
 configuration.enable-http2-by-default = true
+configuration.global-disable-http2 = false
 configuration.enable-quic = false
 configuration.mpm-graceful-shutdown-timeout = 5
 configuration.monitor-httpd-port = 8072

--- a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
+++ b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
@@ -64,6 +64,7 @@ crl = {{ custom_ssl_directory }}/crl/
 {#   Pass HTTP2 switch #}
 {%   do slave_instance.__setitem__('enable_http2_by_default', enable_http2_by_default) %}
+{%   do slave_instance.__setitem__('global_disable_http2', global_disable_http2) %}
 {#   Set Up log files #}
 {%   do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) %}

--- a/software/caddy-frontend/templates/default-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/default-virtualhost.conf.in
@@ -7,7 +7,7 @@
 {%- do proxy_append_list.append(('prefer-gzip', 'Proxy which always overrides Accept-Encoding to gzip if such is found')) %}
 {%- endif %} {#- if prefer_gzip #}
 {%- set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
-{%- set enable_h2 = ('' ~ slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default'])).lower() in TRUE_VALUES %}
+{%- set enable_h2 = slave_parameter['global_disable_http2'].lower() not in TRUE_VALUES and ('' ~ slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default'])).lower() in TRUE_VALUES %}
 {%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES %}
 {%- set disabled_cookie_list =  slave_parameter.get('disabled-cookie-list', '').split() %}
 {%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES %}
@@ -109,6 +109,11 @@
    if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
    to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
  }
+  rewrite {
+    regexp (.*)
+    if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
+    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
+  }
 {%- else %}
  rewrite {
    regexp (.*)
@@ -253,6 +258,11 @@
    if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
    to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
  }
+  rewrite {
+    regexp (.*)
+    if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
+    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
+  }
 {%- else %}
  rewrite {
    regexp (.*)

--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -571,6 +571,9 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
    if headers is None:
      headers = {}
    headers.setdefault('REMOTE_USER', 'SOME_REMOTE_USER')
+    # workaround request problem of setting Accept-Encoding
+    # https://github.com/requests/requests/issues/2234
+    headers.setdefault('Accept-Encoding', 'dummy')
    session = requests.Session()
    session.mount(
      'https://%s:%s' % (domain, port),
@@ -593,6 +596,9 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
    if headers is None:
      headers = {}
    headers.setdefault('REMOTE_USER', 'SOME_REMOTE_USER')
+    # workaround request problem of setting Accept-Encoding
+    # https://github.com/requests/requests/issues/2234
+    headers.setdefault('Accept-Encoding', 'dummy')
    headers['Host'] = domain
    return requests.get(
      'http://%s:%s/%s' % (real_ip, port, path),
@@ -1020,7 +1026,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
      set([
        'monitor-bootstrap-status.py',
        'check-free-disk-space.py',
-        'buildout-TestSlave-0-status.py',
+        'buildout-%s-0-status.py' % (type(self).__name__,),
        '__init__.py',
      ]),
      set([
@@ -1165,10 +1171,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
-    self.assertEqual(
+    self.assertFalse('Content-Encoding' in result.headers)
-      'gzip',
-      result.headers['Content-Encoding']
-    )
    self.assertEqual(
      'secured=value;secure, nonsecured=value',
@@ -1186,10 +1189,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
-    self.assertEqual(
+    self.assertFalse('Content-Encoding' in result_http.headers)
-      'gzip',
-      result_http.headers['Content-Encoding']
-    )
    self.assertEqual(
      'secured=value;secure, nonsecured=value',
@@ -2019,10 +2019,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
-    self.assertEqual(
+    self.assertFalse('Content-Encoding' in result.headers)
-      'gzip',
-      result.headers['Content-Encoding']
-    )
    self.assertEqual(
      'secured=value;secure, nonsecured=value',
@@ -2039,10 +2036,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
-    self.assertEqual(
+    self.assertFalse('Content-Encoding' in result.headers)
-      'gzip',
-      result_http.headers['Content-Encoding']
-    )
    self.assertEqual(
      'secured=value;secure, nonsecured=value',
@@ -2164,9 +2158,10 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
    headers.pop('Keep-Alive', None)
    self.assertEqual(
-      {'Content-type': 'application/json',
+      {
+        'Content-type': 'application/json',
        'Set-Cookie': 'secured=value;secure, nonsecured=value',
-       'Content-Encoding': 'gzip', 'Vary': 'Accept-Encoding'},
+      },
      headers
    )
@@ -2182,10 +2177,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
      raise ValueError('JSON decode problem in:\n%s' % (result_direct.text,))
    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
-    self.assertEqual(
+    self.assertFalse('Content-Encoding' in result_direct.headers)
-      'gzip',
-      result_direct.headers['Content-Encoding']
-    )
    self.assertEqual(
      'secured=value;secure, nonsecured=value',
@@ -2206,10 +2198,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
        result_direct_https_backend.text,))
    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
-    self.assertEqual(
+    self.assertFalse(
-      'gzip',
+      'Content-Encoding' in result_direct_https_backend.headers)
-      result_direct_https_backend.headers['Content-Encoding']
-    )
    self.assertEqual(
      'secured=value;secure, nonsecured=value',
@@ -2532,9 +2522,10 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
    headers.pop('Keep-Alive', None)
    self.assertEqual(
-      {'Content-type': 'application/json',
+      {
-       'Set-Cookie': 'secured=value;secure, nonsecured=value',
+        'Content-type': 'application/json',
-       'Content-Encoding': 'gzip', 'Vary': 'Accept-Encoding'},
+        'Set-Cookie': 'secured=value;secure, nonsecured=value'
+       },
      headers
    )
@@ -2550,10 +2541,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
      raise ValueError('JSON decode problem in:\n%s' % (result_direct.text,))
    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
-    self.assertEqual(
+    self.assertFalse('Content-Encoding' in result_direct.headers)
-      'gzip',
-      result_direct.headers['Content-Encoding']
-    )
    self.assertEqual(
      'secured=value;secure, nonsecured=value',
@@ -2574,10 +2562,7 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
        result_direct_https_backend.text,))
    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
-    self.assertEqual(
+    self.assertFalse('Content-Encoding' in result_direct_https_backend.headers)
-      'gzip',
-      result_direct_https_backend.headers['Content-Encoding']
-    )
    self.assertEqual(
      'secured=value;secure, nonsecured=value',
@@ -2625,9 +2610,10 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
    headers.pop('Keep-Alive', None)
    self.assertEqual(
-      {'Content-type': 'application/json',
+      {
-       'Set-Cookie': 'secured=value;secure, nonsecured=value',
+        'Content-type': 'application/json',
-       'Content-Encoding': 'gzip', 'Vary': 'Accept-Encoding'},
+        'Set-Cookie': 'secured=value;secure, nonsecured=value'
+      },
      headers
    )
@@ -2676,9 +2662,10 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
    headers.pop('Keep-Alive', None)
    self.assertEqual(
-      {'Content-type': 'application/json',
+      {
+        'Content-type': 'application/json',
        'Set-Cookie': 'secured=value;secure, nonsecured=value',
-       'Content-Encoding': 'gzip', 'Vary': 'Accept-Encoding'},
+      },
      headers
    )
@@ -2720,10 +2707,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
    self.assertEqual(
      {
-        'Vary': 'Accept-Encoding',
        'Content-Type': 'application/json',
        'Set-Cookie': 'secured=value;secure, nonsecured=value',
-        'Content-Encoding': 'gzip',
      },
      headers
    )
@@ -2769,10 +2754,8 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
    self.assertEqual(
      {
-        'Vary': 'Accept-Encoding',
        'Content-type': 'application/json',
        'Set-Cookie': 'secured=value;secure, nonsecured=value',
-        'Content-Encoding': 'gzip',
      },
      headers
    )
@@ -4196,3 +4179,138 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
      },
      parameter_dict
    )
+class TestSlaveGlobalDisableHttp2(TestSlave):
+  @classmethod
+  def getInstanceParameterDict(cls):
+    instance_parameter_dict = super(
+      TestSlaveGlobalDisableHttp2, cls).getInstanceParameterDict()
+    instance_parameter_dict['global-disable-http2'] = 'TrUe'
+    return instance_parameter_dict
+  def test_enable_http2_default(self):
+    parameter_dict = self.parseSlaveParameterDict('enable-http2-default')
+    self.assertLogAccessUrlWithPop(parameter_dict)
+    self.assertEqual(
+      {
+        'domain': 'enablehttp2default.example.com',
+        'replication_number': '1',
+        'url': 'http://enablehttp2default.example.com',
+        'site_url': 'http://enablehttp2default.example.com',
+        'secure_access':
+        'https://enablehttp2default.example.com',
+        'public-ipv4': SLAPOS_TEST_IPV4,
+      },
+      parameter_dict
+    )
+    result = self.fakeHTTPSResult(
+      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
+    self.assertEqual(
+      self.certificate_pem,
+      der2pem(result.peercert))
+    self.assertEqualResultJson(result, 'Path', '/test-path')
+    headers = result.headers.copy()
+    self.assertKeyWithPop('Server', headers)
+    self.assertKeyWithPop('Date', headers)
+    # drop vary-keys
+    headers.pop('Content-Length', None)
+    headers.pop('Transfer-Encoding', None)
+    headers.pop('Connection', None)
+    headers.pop('Keep-Alive', None)
+    self.assertEqual(
+      {
+        'Content-type': 'application/json',
+        'Set-Cookie': 'secured=value;secure, nonsecured=value',
+      },
+      headers
+    )
+    self.assertFalse(
+      isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
+class TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2(
+  TestEnableHttp2ByDefaultFalseSlave):
+  @classmethod
+  def getInstanceParameterDict(cls):
+    instance_parameter_dict = super(
+      TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2,
+      cls).getInstanceParameterDict()
+    instance_parameter_dict['global-disable-http2'] = 'TrUe'
+    return instance_parameter_dict
+  def test_enable_http2_true(self):
+    parameter_dict = self.parseSlaveParameterDict('enable-http2-true')
+    self.assertLogAccessUrlWithPop(parameter_dict)
+    self.assertEqual(
+      {
+        'domain': 'enablehttp2true.example.com',
+        'replication_number': '1',
+        'url': 'http://enablehttp2true.example.com',
+        'site_url': 'http://enablehttp2true.example.com',
+        'secure_access':
+        'https://enablehttp2true.example.com',
+        'public-ipv4': SLAPOS_TEST_IPV4,
+      },
+      parameter_dict
+    )
+    self.assertFalse(
+      isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
+class TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2(
+  TestEnableHttp2ByDefaultDefaultSlave):
+  @classmethod
+  def getInstanceParameterDict(cls):
+    instance_parameter_dict = super(
+      TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2,
+      cls).getInstanceParameterDict()
+    instance_parameter_dict['global-disable-http2'] = 'TrUe'
+    return instance_parameter_dict
+  def test_enable_http2_true(self):
+    parameter_dict = self.parseSlaveParameterDict('enable-http2-true')
+    self.assertLogAccessUrlWithPop(parameter_dict)
+    self.assertEqual(
+      {
+        'domain': 'enablehttp2true.example.com',
+        'replication_number': '1',
+        'url': 'http://enablehttp2true.example.com',
+        'site_url': 'http://enablehttp2true.example.com',
+        'secure_access':
+        'https://enablehttp2true.example.com',
+        'public-ipv4': SLAPOS_TEST_IPV4,
+      },
+      parameter_dict
+    )
+    self.assertFalse(
+      isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
+  def test_enable_http2_default(self):
+    parameter_dict = self.parseSlaveParameterDict('enable-http2-default')
+    self.assertLogAccessUrlWithPop(parameter_dict)
+    self.assertEqual(
+      {
+        'domain': 'enablehttp2default.example.com',
+        'replication_number': '1',
+        'url': 'http://enablehttp2default.example.com',
+        'site_url': 'http://enablehttp2default.example.com',
+        'secure_access':
+        'https://enablehttp2default.example.com',
+        'public-ipv4': SLAPOS_TEST_IPV4,
+      },
+      parameter_dict
+    )
+    self.assertFalse(
+      isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-0/var/log/monitor-httpd-error.log
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/log/frontend-access.log
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/log/frontend-error.log
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/log/httpd/_enable-http2-default_access_log
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/log/httpd/_enable-http2-default_error_log
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/log/httpd/_enable-http2-false_access_log
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/log/httpd/_enable-http2-false_error_log
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/log/httpd/_enable-http2-true_access_log
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/log/httpd/_enable-http2-true_error_log
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/log/monitor-httpd-error.log
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/log/nginx-access.log
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/log/nginx-error.log
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/log/trafficserver/manager.log
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/log/trafficserver/traffic.out
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_run-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_run-CADDY.txt
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-0/var/run/monitor-httpd.pid
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-0/var/run/monitor/monitor-bootstrap.pid
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/run/caddy_graceful_signature
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/run/caddy_validate_signature
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/run/caddy_validate_signature.status
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/run/httpd.pid
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/run/monitor-httpd.pid
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/run/monitor/monitor-bootstrap.pid
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/run/nginx.pid
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/run/nginx_graceful_signature
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/run/nginx_validate_signature
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/var/run/nginx_validate_signature.status
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_monitor_promise_list-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_monitor_promise_list-CADDY.txt
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable-http2-default-error-log-last-day
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable-http2-default-error-log-last-hour
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable-http2-false-error-log-last-day
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable-http2-false-error-log-last-hour
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable-http2-true-error-log-last-day
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable-http2-true-error-log-last-hour
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_plugin_list-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_plugin_list-CADDY.txt
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-0/etc/plugin/__init__.py
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-0/etc/plugin/buildout-TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-0-status.py
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-0/etc/plugin/check-free-disk-space.py
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-0/etc/plugin/monitor-bootstrap-status.py
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/plugin/__init__.py
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/plugin/buildout-TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1-status.py
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/plugin/check-free-disk-space.py
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/plugin/monitor-bootstrap-status.py
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_promise_list-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_promise_list-CADDY.txt
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-0/etc/promise/monitor-http-frontend
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-0/etc/promise/monitor-httpd-listening-on-tcp
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/caddy-frontend-is-running-actual-software-release
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/caddy_cached
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/caddy_frontend_ipv4_http
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/caddy_frontend_ipv4_https
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/caddy_frontend_ipv6_http
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/caddy_frontend_ipv6_https
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/caddy_ssl_cached
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/check-_enable-http2-default-error-log-last-day
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/check-_enable-http2-default-error-log-last-hour
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/check-_enable-http2-false-error-log-last-day
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/check-_enable-http2-false-error-log-last-hour
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/check-_enable-http2-true-error-log-last-day
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/check-_enable-http2-true-error-log-last-hour
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/frontend-caddy-configuration-promise
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/monitor-http-frontend
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/monitor-httpd-listening-on-tcp
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/nginx-configuration-promise
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/nginx_frontend_ipv4_http
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/nginx_frontend_ipv4_https
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/nginx_frontend_ipv6_http
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/nginx_frontend_ipv6_https
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/promise-nginx-is-process-older-than-dependency-set
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/re6st-connectivity
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/trafficserver-cache-availability
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1/etc/promise/trafficserver-port-listening
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-0:bootstrap-monitor EXITED
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-0:certificate_authority-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-0:crond-{hash} RUNNING
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-0:monitor-httpd-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-0:monitor-httpd-graceful EXITED
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:6tunnel-11080-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:6tunnel-11443-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:6tunnel-12080-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:6tunnel-12443-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:6tunnel-26011-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:6tunnel-26012-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:bootstrap-monitor EXITED
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:certificate_authority-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:crond-{hash} RUNNING
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:crond-on-watch RUNNING
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:frontend-caddy-safe-graceful EXITED
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:frontend-nginx-safe-graceful EXITED
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:frontend_caddy-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:frontend_nginx-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:monitor-httpd-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:monitor-httpd-graceful EXITED
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:trafficserver-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2-1:trafficserver-reload EXITED
+watchdog:watchdog RUNNING
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-0/var/log/monitor-httpd-error.log
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/log/frontend-access.log
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/log/frontend-error.log
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/log/httpd/_enable-http2-default_access_log
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/log/httpd/_enable-http2-default_error_log
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/log/httpd/_enable-http2-false_access_log
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/log/httpd/_enable-http2-false_error_log
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/log/httpd/_enable-http2-true_access_log
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/log/httpd/_enable-http2-true_error_log
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/log/monitor-httpd-error.log
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/log/nginx-access.log
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/log/nginx-error.log
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/log/trafficserver/manager.log
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/log/trafficserver/traffic.out
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_run-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_run-CADDY.txt
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-0/var/run/monitor-httpd.pid
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-0/var/run/monitor/monitor-bootstrap.pid
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/run/caddy_graceful_signature
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/run/caddy_validate_signature
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/run/caddy_validate_signature.status
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/run/httpd.pid
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/run/monitor-httpd.pid
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/run/monitor/monitor-bootstrap.pid
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/run/nginx.pid
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/run/nginx_graceful_signature
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/run/nginx_validate_signature
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/var/run/nginx_validate_signature.status
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_monitor_promise_list-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_monitor_promise_list-CADDY.txt
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable-http2-default-error-log-last-day
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable-http2-default-error-log-last-hour
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable-http2-false-error-log-last-day
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable-http2-false-error-log-last-hour
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable-http2-true-error-log-last-day
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable-http2-true-error-log-last-hour
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_plugin_list-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_plugin_list-CADDY.txt
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-0/etc/plugin/__init__.py
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-0/etc/plugin/buildout-TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-0-status.py
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-0/etc/plugin/check-free-disk-space.py
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-0/etc/plugin/monitor-bootstrap-status.py
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/plugin/__init__.py
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/plugin/buildout-TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1-status.py
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/plugin/check-free-disk-space.py
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/plugin/monitor-bootstrap-status.py
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_promise_list-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_promise_list-CADDY.txt
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-0/etc/promise/monitor-http-frontend
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-0/etc/promise/monitor-httpd-listening-on-tcp
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/caddy-frontend-is-running-actual-software-release
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/caddy_cached
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/caddy_frontend_ipv4_http
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/caddy_frontend_ipv4_https
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/caddy_frontend_ipv6_http
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/caddy_frontend_ipv6_https
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/caddy_ssl_cached
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/check-_enable-http2-default-error-log-last-day
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/check-_enable-http2-default-error-log-last-hour
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/check-_enable-http2-false-error-log-last-day
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/check-_enable-http2-false-error-log-last-hour
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/check-_enable-http2-true-error-log-last-day
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/check-_enable-http2-true-error-log-last-hour
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/frontend-caddy-configuration-promise
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/monitor-http-frontend
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/monitor-httpd-listening-on-tcp
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/nginx-configuration-promise
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/nginx_frontend_ipv4_http
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/nginx_frontend_ipv4_https
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/nginx_frontend_ipv6_http
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/nginx_frontend_ipv6_https
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/promise-nginx-is-process-older-than-dependency-set
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/re6st-connectivity
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/trafficserver-cache-availability
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1/etc/promise/trafficserver-port-listening
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-0:bootstrap-monitor EXITED
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-0:certificate_authority-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-0:crond-{hash} RUNNING
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-0:monitor-httpd-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-0:monitor-httpd-graceful EXITED
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:6tunnel-11080-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:6tunnel-11443-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:6tunnel-12080-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:6tunnel-12443-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:6tunnel-26011-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:6tunnel-26012-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:bootstrap-monitor EXITED
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:certificate_authority-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:crond-{hash} RUNNING
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:crond-on-watch RUNNING
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:frontend-caddy-safe-graceful EXITED
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:frontend-nginx-safe-graceful EXITED
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:frontend_caddy-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:frontend_nginx-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:monitor-httpd-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:monitor-httpd-graceful EXITED
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:trafficserver-{hash}-on-watch RUNNING
+TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2-1:trafficserver-reload EXITED
+watchdog:watchdog RUNNING
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_log-CADDY.txt
+TestSlaveGlobalDisableHttp2-0/var/log/monitor-httpd-error.log
+TestSlaveGlobalDisableHttp2-1/var/log/frontend-access.log
+TestSlaveGlobalDisableHttp2-1/var/log/frontend-error.log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_apache_custom_http_s-accepted_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_apache_custom_http_s-accepted_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_caddy_custom_http_s-accepted_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_caddy_custom_http_s-accepted_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_custom_domain_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_custom_domain_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_custom_domain_wildcard_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_custom_domain_wildcard_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_disabled-cookie-list_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_disabled-cookie-list_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_empty_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_empty_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_enable-http2-default_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_enable-http2-default_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_enable-http2-false_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_enable-http2-false_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_enable_cache-disable-no-cache-request_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_enable_cache-disable-no-cache-request_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_enable_cache-disable-via-header_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_enable_cache-disable-via-header_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_enable_cache-ssl-proxy-verify-unverified_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_enable_cache-ssl-proxy-verify-unverified_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_enable_cache_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_enable_cache_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_https-only_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_https-only_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_monitor-ipv4-test_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_monitor-ipv4-test_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_monitor-ipv6-test_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_monitor-ipv6-test_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_re6st-optimal-test_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_re6st-optimal-test_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_server-alias-duplicated_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_server-alias-duplicated_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_server-alias-wildcard_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_server-alias-wildcard_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_server-alias_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_server-alias_custom_domain-duplicated_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_server-alias_custom_domain-duplicated_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_server-alias_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_ssl-proxy-verify-unverified_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_ssl-proxy-verify-unverified_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_ssl_ca_crt_does_not_match_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_ssl_ca_crt_garbage_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_ssl_ca_crt_garbage_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-notebook_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-notebook_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-redirect_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-redirect_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope-default-path_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope-default-path_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope-path_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope-path_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope-virtualhostroot-http-port_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope-virtualhostroot-http-port_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope-virtualhostroot-https-port_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope-virtualhostroot-https-port_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_type-zope_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_url_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_url_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_url_https-url_access_log
+TestSlaveGlobalDisableHttp2-1/var/log/httpd/_url_https-url_error_log
+TestSlaveGlobalDisableHttp2-1/var/log/monitor-httpd-error.log
+TestSlaveGlobalDisableHttp2-1/var/log/nginx-access.log
+TestSlaveGlobalDisableHttp2-1/var/log/nginx-error.log
+TestSlaveGlobalDisableHttp2-1/var/log/trafficserver/manager.log
+TestSlaveGlobalDisableHttp2-1/var/log/trafficserver/traffic.out
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_run-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_run-CADDY.txt
+TestSlaveGlobalDisableHttp2-0/var/run/monitor-httpd.pid
+TestSlaveGlobalDisableHttp2-0/var/run/monitor/monitor-bootstrap.pid
+TestSlaveGlobalDisableHttp2-1/var/run/caddy_graceful_signature
+TestSlaveGlobalDisableHttp2-1/var/run/caddy_validate_signature
+TestSlaveGlobalDisableHttp2-1/var/run/caddy_validate_signature.status
+TestSlaveGlobalDisableHttp2-1/var/run/httpd.pid
+TestSlaveGlobalDisableHttp2-1/var/run/monitor-httpd.pid
+TestSlaveGlobalDisableHttp2-1/var/run/monitor/monitor-bootstrap.pid
+TestSlaveGlobalDisableHttp2-1/var/run/nginx.pid
+TestSlaveGlobalDisableHttp2-1/var/run/nginx_graceful_signature
+TestSlaveGlobalDisableHttp2-1/var/run/nginx_validate_signature
+TestSlaveGlobalDisableHttp2-1/var/run/nginx_validate_signature.status
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_master_partition_state-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_master_partition_state-CADDY.txt
+SetEnvIf Origin "^http(s)?://(.+\.)?(monitor\.app\.officejs\.com)$" ORIGIN_DOMAIN=$0
+Header always set Access-Control-Allow-Origin "%{ORIGIN_DOMAIN}e" env=ORIGIN_DOMAIN
+Header always set Access-Control-Allow-Credentials "true" env=ORIGIN_DOMAIN
+Header always set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST" env=ORIGIN_DOMAIN
+Header always set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization" env=ORIGIN_DOMAIN
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_monitor_promise_list-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_monitor_promise_list-CADDY.txt
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_apache_custom_http_s-accepted-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_apache_custom_http_s-accepted-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_caddy_custom_http_s-accepted-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_caddy_custom_http_s-accepted-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_custom_domain-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_custom_domain-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_custom_domain_ssl_crt_ssl_key-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_custom_domain_ssl_crt_ssl_key-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_custom_domain_ssl_crt_ssl_key_ssl_ca_crt-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_custom_domain_ssl_crt_ssl_key_ssl_ca_crt-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_custom_domain_wildcard-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_custom_domain_wildcard-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_disabled-cookie-list-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_disabled-cookie-list-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_empty-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_empty-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable-http2-default-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable-http2-default-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable-http2-false-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable-http2-false-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable_cache-disable-no-cache-request-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable_cache-disable-no-cache-request-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable_cache-disable-via-header-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable_cache-disable-via-header-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable_cache-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable_cache-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify-unverified-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify-unverified-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_https-only-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_https-only-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_monitor-ipv4-test-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_monitor-ipv4-test-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_monitor-ipv4-test-ipv4-packet-list-test
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_monitor-ipv6-test-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_monitor-ipv6-test-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_monitor-ipv6-test-ipv6-packet-list-test
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_prefer-gzip-encoding-to-backend-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_prefer-gzip-encoding-to-backend-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_re6st-optimal-test-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_re6st-optimal-test-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_re6st-optimal-test-re6st-optimal-test
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_server-alias-duplicated-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_server-alias-duplicated-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_server-alias-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_server-alias-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_server-alias-wildcard-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_server-alias-wildcard-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_server-alias_custom_domain-duplicated-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_server-alias_custom_domain-duplicated-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_ssl-proxy-verify-unverified-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_ssl-proxy-verify-unverified-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_ssl_ca_crt_does_not_match-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_ssl_ca_crt_does_not_match-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_ssl_ca_crt_garbage-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_ssl_ca_crt_garbage-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-eventsource-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-eventsource-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-notebook-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-notebook-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-redirect-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-redirect-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-default-path-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-default-path-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-path-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-path-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-prefer-gzip-encoding-to-backend-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-prefer-gzip-encoding-to-backend-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify-unverified-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify-unverified-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-virtualhostroot-http-port-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-virtualhostroot-http-port-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-virtualhostroot-https-port-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_type-zope-virtualhostroot-https-port-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_url-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_url-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_url_https-url-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/monitor-promise/check-_url_https-url-error-log-last-hour
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_plugin_list-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_plugin_list-CADDY.txt
+TestSlaveGlobalDisableHttp2-0/etc/plugin/__init__.py
+TestSlaveGlobalDisableHttp2-0/etc/plugin/buildout-TestSlaveGlobalDisableHttp2-0-status.py
+TestSlaveGlobalDisableHttp2-0/etc/plugin/check-free-disk-space.py
+TestSlaveGlobalDisableHttp2-0/etc/plugin/monitor-bootstrap-status.py
+TestSlaveGlobalDisableHttp2-1/etc/plugin/__init__.py
+TestSlaveGlobalDisableHttp2-1/etc/plugin/buildout-TestSlaveGlobalDisableHttp2-1-status.py
+TestSlaveGlobalDisableHttp2-1/etc/plugin/check-free-disk-space.py
+TestSlaveGlobalDisableHttp2-1/etc/plugin/monitor-bootstrap-status.py
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_promise_list-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_promise_list-CADDY.txt
+TestSlaveGlobalDisableHttp2-0/etc/promise/monitor-http-frontend
+TestSlaveGlobalDisableHttp2-0/etc/promise/monitor-httpd-listening-on-tcp
+TestSlaveGlobalDisableHttp2-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set
+TestSlaveGlobalDisableHttp2-1/etc/promise/caddy-frontend-is-running-actual-software-release
+TestSlaveGlobalDisableHttp2-1/etc/promise/caddy_cached
+TestSlaveGlobalDisableHttp2-1/etc/promise/caddy_frontend_ipv4_http
+TestSlaveGlobalDisableHttp2-1/etc/promise/caddy_frontend_ipv4_https
+TestSlaveGlobalDisableHttp2-1/etc/promise/caddy_frontend_ipv6_http
+TestSlaveGlobalDisableHttp2-1/etc/promise/caddy_frontend_ipv6_https
+TestSlaveGlobalDisableHttp2-1/etc/promise/caddy_ssl_cached
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_apache_custom_http_s-accepted-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_apache_custom_http_s-accepted-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_caddy_custom_http_s-accepted-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_caddy_custom_http_s-accepted-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_custom_domain-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_custom_domain-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_custom_domain_ssl_crt_ssl_key-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_custom_domain_ssl_crt_ssl_key-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_custom_domain_ssl_crt_ssl_key_ssl_ca_crt-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_custom_domain_ssl_crt_ssl_key_ssl_ca_crt-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_custom_domain_wildcard-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_custom_domain_wildcard-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_disabled-cookie-list-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_disabled-cookie-list-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_empty-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_empty-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_enable-http2-default-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_enable-http2-default-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_enable-http2-false-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_enable-http2-false-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_enable_cache-disable-no-cache-request-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_enable_cache-disable-no-cache-request-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_enable_cache-disable-via-header-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_enable_cache-disable-via-header-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_enable_cache-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_enable_cache-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_enable_cache-ssl-proxy-verify-unverified-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_enable_cache-ssl-proxy-verify-unverified-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_https-only-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_https-only-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_monitor-ipv4-test-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_monitor-ipv4-test-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_monitor-ipv4-test-ipv4-packet-list-test
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_monitor-ipv6-test-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_monitor-ipv6-test-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_monitor-ipv6-test-ipv6-packet-list-test
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_prefer-gzip-encoding-to-backend-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_prefer-gzip-encoding-to-backend-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_re6st-optimal-test-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_re6st-optimal-test-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_re6st-optimal-test-re6st-optimal-test
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_server-alias-duplicated-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_server-alias-duplicated-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_server-alias-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_server-alias-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_server-alias-wildcard-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_server-alias-wildcard-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_server-alias_custom_domain-duplicated-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_server-alias_custom_domain-duplicated-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_ssl-proxy-verify-unverified-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_ssl-proxy-verify-unverified-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_ssl_ca_crt_does_not_match-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_ssl_ca_crt_does_not_match-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_ssl_ca_crt_garbage-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_ssl_ca_crt_garbage-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-eventsource-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-eventsource-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-notebook-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-notebook-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-redirect-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-redirect-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-default-path-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-default-path-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-path-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-path-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-prefer-gzip-encoding-to-backend-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-prefer-gzip-encoding-to-backend-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-ssl-proxy-verify-unverified-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-ssl-proxy-verify-unverified-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-virtualhostroot-http-port-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-virtualhostroot-http-port-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-virtualhostroot-https-port-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_type-zope-virtualhostroot-https-port-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_url-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_url-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_url_https-url-error-log-last-day
+TestSlaveGlobalDisableHttp2-1/etc/promise/check-_url_https-url-error-log-last-hour
+TestSlaveGlobalDisableHttp2-1/etc/promise/frontend-caddy-configuration-promise
+TestSlaveGlobalDisableHttp2-1/etc/promise/monitor-http-frontend
+TestSlaveGlobalDisableHttp2-1/etc/promise/monitor-httpd-listening-on-tcp
+TestSlaveGlobalDisableHttp2-1/etc/promise/nginx-configuration-promise
+TestSlaveGlobalDisableHttp2-1/etc/promise/nginx_frontend_ipv4_http
+TestSlaveGlobalDisableHttp2-1/etc/promise/nginx_frontend_ipv4_https
+TestSlaveGlobalDisableHttp2-1/etc/promise/nginx_frontend_ipv6_http
+TestSlaveGlobalDisableHttp2-1/etc/promise/nginx_frontend_ipv6_https
+TestSlaveGlobalDisableHttp2-1/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set
+TestSlaveGlobalDisableHttp2-1/etc/promise/promise-nginx-is-process-older-than-dependency-set
+TestSlaveGlobalDisableHttp2-1/etc/promise/re6st-connectivity
+TestSlaveGlobalDisableHttp2-1/etc/promise/trafficserver-cache-availability
+TestSlaveGlobalDisableHttp2-1/etc/promise/trafficserver-port-listening
\ No newline at end of file
--- a/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_supervisor_state-CADDY.txt
+TestSlaveGlobalDisableHttp2-0:bootstrap-monitor EXITED
+TestSlaveGlobalDisableHttp2-0:certificate_authority-{hash}-on-watch RUNNING
+TestSlaveGlobalDisableHttp2-0:crond-{hash} RUNNING
+TestSlaveGlobalDisableHttp2-0:monitor-httpd-{hash}-on-watch RUNNING
+TestSlaveGlobalDisableHttp2-0:monitor-httpd-graceful EXITED
+TestSlaveGlobalDisableHttp2-1:6tunnel-11080-{hash}-on-watch RUNNING
+TestSlaveGlobalDisableHttp2-1:6tunnel-11443-{hash}-on-watch RUNNING
+TestSlaveGlobalDisableHttp2-1:6tunnel-12080-{hash}-on-watch RUNNING
+TestSlaveGlobalDisableHttp2-1:6tunnel-12443-{hash}-on-watch RUNNING
+TestSlaveGlobalDisableHttp2-1:6tunnel-26011-{hash}-on-watch RUNNING
+TestSlaveGlobalDisableHttp2-1:6tunnel-26012-{hash}-on-watch RUNNING
+TestSlaveGlobalDisableHttp2-1:bootstrap-monitor EXITED
+TestSlaveGlobalDisableHttp2-1:certificate_authority-{hash}-on-watch RUNNING
+TestSlaveGlobalDisableHttp2-1:crond-{hash} RUNNING
+TestSlaveGlobalDisableHttp2-1:crond-on-watch RUNNING
+TestSlaveGlobalDisableHttp2-1:frontend-caddy-safe-graceful EXITED
+TestSlaveGlobalDisableHttp2-1:frontend-nginx-safe-graceful EXITED
+TestSlaveGlobalDisableHttp2-1:frontend_caddy-{hash}-on-watch RUNNING
+TestSlaveGlobalDisableHttp2-1:frontend_nginx-{hash}-on-watch RUNNING
+TestSlaveGlobalDisableHttp2-1:monitor-httpd-{hash}-on-watch RUNNING
+TestSlaveGlobalDisableHttp2-1:monitor-httpd-graceful EXITED
+TestSlaveGlobalDisableHttp2-1:trafficserver-{hash}-on-watch RUNNING
+TestSlaveGlobalDisableHttp2-1:trafficserver-reload EXITED
+watchdog:watchdog RUNNING
\ No newline at end of file
--- a/software/seleniumserver/buildout.hash.cfg
+++ b/software/seleniumserver/buildout.hash.cfg
@@ -19,4 +19,4 @@ md5sum = c4ac5de141ae6a64848309af03e51d88
 [template-selenium]
 filename = instance-selenium.cfg.in
-md5sum = 4167621b473f81892d38389ac427c6ba
+md5sum = fe248a36cd1908fb04b2cbb334c878ff
--- a/software/seleniumserver/instance-selenium.cfg.in
+++ b/software/seleniumserver/instance-selenium.cfg.in
@@ -114,8 +114,10 @@ bytes = 12
 [selenium-server-frontend-config]
 recipe = slapos.recipe.template:jinja2
 rendered = $${directory:etc}/$${:_buildout_section_name_}
+# Catch-all simple frontend, as it can serve on different interface then accessed one, by
+# using "*" as hostname
 template = inline:
-  https://$${:hostname}:$${:port} {
+  https://*:$${:port} {
    bind $${:ip}
    tls self_signed # TODO
    proxy / $${selenium-server-hub-instance:base-url} {
@@ -176,6 +178,19 @@ extra-args=-t dsa
 <=ssh-keygen-base
 extra-args=-t ecdsa -b 521
+[ssh-key-fingerprint-command]
+recipe = plone.recipe.command
+# recent openssh client display ECDSA key's fingerprint as SHA256
+command = ${openssh-output:keygen} -lf $${ssh-host-ecdsa-key:output}
+[ssh-key-fingerprint]
+recipe = collective.recipe.shelloutput
+# XXX because collective.recipe.shelloutput ignore errors, we run the same
+# command in a plone.recipe.command so that if fails if something goes wrong.
+commands =
+  fingerprint = $${ssh-key-fingerprint-command:command}
 [sshd-config]
 recipe = slapos.recipe.template:jinja2
 rendered = $${directory:etc}/sshd.conf
@@ -268,6 +283,7 @@ url = $${selenium-server-frontend-instance:url}
 admin-url = $${selenium-server-frontend-instance:admin-url}
 ssh-url = $${sshd-service:url}
+ssh-fingerprint = $${ssh-key-fingerprint:fingerprint}
 # to run a local node - useful to see what tests are doing or
 # using to use unsupported browsers like safari or edge or to test
 # on mobile using appium.

--- a/software/seleniumserver/software.cfg
+++ b/software/seleniumserver/software.cfg
@@ -17,8 +17,12 @@ extends =
 parts =
  slapos-cookbook
+  collective.recipe.shelloutput
  template
+[collective.recipe.shelloutput]
+recipe = zc.recipe.egg
 [selenium-server]
 recipe = slapos.recipe.build:download
 version = 3.14.0
@@ -41,4 +45,5 @@ output = ${buildout:directory}/template-selenium.cfg
 [versions]
 plone.recipe.command = 1.1
+collective.recipe.shelloutput = 0.1
 slapos.recipe.template = 4.3
--- a/software/seleniumserver/test/test.py
+++ b/software/seleniumserver/test/test.py
@@ -32,6 +32,9 @@ import os
 import tempfile
 import unittest
 import urlparse
+import base64
+import hashlib
+import contextlib
 from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
 from io import BytesIO
@@ -343,15 +346,43 @@ class TestSSHServer(SeleniumServerTestCase):
    self.assertEqual('ssh', parsed.scheme)
    client = paramiko.SSHClient()
-    client.set_missing_host_key_policy(paramiko.client.WarningPolicy)
+    class TestKeyPolicy(object):
+      """Accept server key and keep it in self.key for inspection
+      """
+      def missing_host_key(self, client, hostname, key):
+        self.key = key
+    key_policy = TestKeyPolicy()
+    client.set_missing_host_key_policy(key_policy)
+    with contextlib.closing(client):
      client.connect(
        username=urlparse.urlparse(ssh_url).username,
        hostname=urlparse.urlparse(ssh_url).hostname,
        port=urlparse.urlparse(ssh_url).port,
        pkey=self.ssh_key,
      )
+      # Check fingerprint from server matches the published one.
+      # The publish format is the raw output of ssh-keygen and is something like this:
+      #   521 SHA256:9aZruv3LmFizzueIFdkd78eGtzghDoPSCBXFkkrHqXE user@hostname (ECDSA)
+      # we only want to parse SHA256:9aZruv3LmFizzueIFdkd78eGtzghDoPSCBXFkkrHqXE
+      _, fingerprint_string, _, key_type = parameter_dict['ssh-fingerprint'].split()
+      self.assertEqual(key_type, '(ECDSA)')
+      fingerprint_algorithm, fingerprint = fingerprint_string.split(':', 1)
+      self.assertEqual(fingerprint_algorithm, 'SHA256')
+      # Paramiko does not allow to get the fingerprint as SHA256 easily yet
+      # https://github.com/paramiko/paramiko/pull/1103
+      self.assertEqual(
+        fingerprint,
+        # XXX with sha256, we need to remove that trailing =
+        base64.b64encode(hashlib.new(fingerprint_algorithm, key_policy.key.asbytes()).digest())[:-1]
+      )
      channel = client.invoke_shell()
      channel.settimeout(30)
+      # apparently we sometimes need to send something on the first ssh connection
+      channel.send('\n')
      # openssh prints a warning 'Attempt to write login records by non-root user (aborting)'
      # so we received more than the lenght of the asserted message.
      self.assertIn("Welcome to SlapOS Selenium Server.", channel.recv(100))