Merge remote-tracking branch 'upstream/master' into zope4py2

component/curl/buildout.cfg

@@ -10,6 +10,8 @@ extends =
   ../zstd/buildout.cfg
   ../zlib/buildout.cfg
   ../nghttp2/buildout.cfg
+  ../ngtcp2/buildout.cfg
+  ../nghttp3/buildout.cfg
   ../ca-certificates/buildout.cfg
 parts =
   curl
@@ -17,8 +19,8 @@ parts =
 [curl]
 recipe = slapos.recipe.cmmi
 shared = true
-url = https://curl.se/download/curl-7.86.0.tar.xz
-md5sum = 19a2165f37941a6f412afc924e750568
+url = https://curl.se/download/curl-7.87.0.tar.xz
+md5sum = 0b0f5de173afd303229e5272689578d7
 configure-options =
   --disable-static
   --disable-ech
@@ -36,10 +38,10 @@ configure-options =
   --disable-manual
   --enable-ipv6
   --disable-sspi
-  --disable-alt-svc
+  ${:ALT-SVC}
   --with-zlib=${zlib:location}
-  --with-ssl=${openssl:location}
-  --with-ca-path=${openssl:location}/etc/ssl/certs
+  --with-ssl=${:OPENSSL}
+  --with-ca-path=${:OPENSSL}/etc/ssl/certs
   --without-gnutls
   --without-polarssl
   --without-mbedtls
@@ -60,8 +62,34 @@ configure-options =
   --without-brotli
   --with-zstd=${zstd:location}
   --without-gssapi
+  ${:WITH}
+
+ALT-SVC = --disable-alt-svc
+LDFLAGS =
+OPENSSL = ${openssl:location}
+PATH =
+PKG_CONFIG_PATH =
+WITH =
 
 environment =
-  PATH=${perl:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
-  PKG_CONFIG_PATH=${openssl:location}/lib/pkgconfig:${nghttp2:location}/lib/pkgconfig
-  LDFLAGS=-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${nghttp2:location}/lib -Wl,-rpath=${zstd:location}/lib
+  PATH=${perl:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:${:PATH}:%(PATH)s
+  PKG_CONFIG_PATH=${:OPENSSL}/lib/pkgconfig:${nghttp2:location}/lib/pkgconfig${:PKG_CONFIG_PATH}
+  LDFLAGS=-Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${:OPENSSL}/lib -Wl,-rpath=${nghttp2:location}/lib -Wl,-rpath=${zstd:location}/lib ${:LDFLAGS}
+
+[curl-http3]
+<= curl
+url = https://shacache.nxdcdn.com/73669dd9ed7aefbb30414c6ce2dd20c39bb2f106cf420dedf7d302eb2c4147876a05b0a1458661bcb66ab1d944e7254a42802caa31070a7e43e9dd24f98320b8
+md5sum = d71d04dd7201480df1024d5c754a9613
+pre-configure =
+  autoreconf -fisv -I ${libtool:location}/share/aclocal -I ${pkgconfig:location}/share/aclocal
+  automake
+  autoconf
+
+ALT-SVC = --enable-alt-svc
+LDFLAGS = -Wl,-rpath=${nghttp3:location}/lib -Wl,-rpath=${ngtcp2:location}/lib
+OPENSSL = ${openssl-quictls:location}
+PATH = ${autoconf:location}/bin:${automake:location}/bin:${libtool:location}/bin:${m4:location}/bin
+PKG_CONFIG_PATH = :${nghttp3:location}/lib/pkgconfig:${ngtcp2:location}/lib/pkgconfig
+WITH =
+  --with-nghttp3=${nghttp3:location}
+  --with-ngtcp2=${ngtcp2:location}

component/nghttp3/buildout.cfg

+[buildout]
+extends =
+  ../automake/buildout.cfg
+  ../libtool/buildout.cfg
+  ../pkgconfig/buildout.cfg
+
+[nghttp3]
+recipe = slapos.recipe.cmmi
+shared = true
+url = https://github.com/ngtcp2/nghttp3/archive/refs/tags/v0.8.0.tar.gz
+md5sum = c6068762cdf221ae1fed2351af40b4d6
+pre-configure =
+  autoreconf -fisv -I ${libtool:location}/share/aclocal -I ${pkgconfig:location}/share/aclocal
+  automake
+  autoconf
+configure-options =
+  --enable-lib-only
+environment =
+  PATH=${autoconf:location}/bin:${automake:location}/bin:${libtool:location}/bin:${m4:location}/bin:%(PATH)s

component/ngtcp2/buildout.cfg

+[buildout]
+extends =
+  ../pkgconfig/buildout.cfg
+  ../automake/buildout.cfg
+  ../libtool/buildout.cfg
+  ../pkgconfig/buildout.cfg
+
+[ngtcp2]
+recipe = slapos.recipe.cmmi
+shared = true
+url = https://github.com/ngtcp2/ngtcp2/archive/refs/tags/v0.12.1.tar.gz
+md5sum = c826c4630689d2afb9300b97cc5e52a3
+pre-configure =
+  autoreconf -fisv -I ${libtool:location}/share/aclocal -I ${pkgconfig:location}/share/aclocal
+  automake
+  autoconf
+configure-options =
+  --enable-lib-only
+environment =
+  PATH=${autoconf:location}/bin:${automake:location}/bin:${libtool:location}/bin:${m4:location}/bin:${pkgconfig:location}/bin:%(PATH)s
+  PKG_CONFIG_PATH=${openssl-quictls:location}/lib/pkgconfig:${nghttp3:location}/lib/pkgconfig
+  LDFLAGS=-Wl,-rpath=${openssl-quictls:location}/lib -Wl,-rpath=${nghttp3:location}/lib

component/openssl/buildout.cfg

@@ -48,8 +48,8 @@ environment =
 
 [openssl-quictls]
 <= openssl
-url = https://github.com/quictls/openssl/archive/refs/tags/OpenSSL_1_1_1s+quic1.tar.gz
-md5sum = 8ee8e1828879e2b527eca5dcc7923769
+url = https://github.com/quictls/openssl/archive/refs/tags/openssl-3.0.7+quic1.tar.gz
+md5sum = 8e27cd201b554a33ed03a59f6c679c77
 
 [openssl-output]
 # Shared binary location to ease migration

software/rapid-cdn/README.rst

@@ -333,19 +333,27 @@ Solution 1 (iptables)
 It is a good idea then to go on the node where the instance is
 and set some ``iptables`` rules like (if using default ports)::
 
-  iptables -t nat -A PREROUTING -p tcp -d {public_ipv4} --dport 443 -j DNAT --to-destination {listening_ipv4}:4443
-  iptables -t nat -A PREROUTING -p tcp -d {public_ipv4} --dport 80 -j DNAT --to-destination {listening_ipv4}:8080
-  ip6tables -t nat -A PREROUTING -p tcp -d {public_ipv6} --dport 443 -j DNAT --to-destination {listening_ipv6}:4443
-  ip6tables -t nat -A PREROUTING -p tcp -d {public_ipv6} --dport 80 -j DNAT --to-destination {listening_ipv6}:8080
+  iptables -t nat -A PREROUTING -p tcp -d ${public_ipv4} --dport 443 -j DNAT --to-destination ${listening_ipv4}:4443
+  iptables -t nat -A PREROUTING -p udp -d ${public_ipv4} --dport 443 -j DNAT --to-destination ${listening_ipv4}:4443
+  iptables -t nat -A PREROUTING -p tcp -d ${public_ipv4} --dport 80 -j DNAT --to-destination ${listening_ipv4}:8080
+  ip6tables -t nat -A PREROUTING -p tcp -d ${public_ipv6} --dport 443 -j DNAT --to-destination ${listening_ipv6}:4443
+  ip6tables -t nat -A PREROUTING -p tcp -d ${public_ipv6} --dport 80 -j DNAT --to-destination ${listening_ipv6}:8080
 
 Where ``{public_ipv[46]}`` is the public IP of your server, or at least the LAN IP to where your NAT will forward to, and ``{listening_ipv[46]}`` is the private ipv4 (like 10.0.34.123) that the instance is using and sending as connection parameter.
 
 Additionally in order to access the server by itself such entries are needed in ``OUTPUT`` chain (as the internal packets won't appear in the ``PREROUTING`` chain)::
 
-  iptables -t nat -A OUTPUT -p tcp -d {public_ipv4} --dport 443 -j DNAT --to {listening_ipv4}:4443
-  iptables -t nat -A OUTPUT -p tcp -d {public_ipv4} --dport 80 -j DNAT --to {listening_ipv4}:8080
-  ip6tables -t nat -A OUTPUT -p tcp -d {public_ipv6} --dport 443 -j DNAT --to {listening_ipv6}:4443
-  ip6tables -t nat -A OUTPUT -p tcp -d {public_ipv6} --dport 80 -j DNAT --to {listening_ipv6}:8080
+  iptables -t nat -A OUTPUT -p tcp -d ${public_ipv4} --dport 443 -j DNAT --to ${listening_ipv4}:4443
+  iptables -t nat -A OUTPUT -p udp -d ${public_ipv4} --dport 443 -j DNAT --to ${listening_ipv4}:4443
+  iptables -t nat -A OUTPUT -p tcp -d ${public_ipv4} --dport 80 -j DNAT --to ${listening_ipv4}:8080
+  ip6tables -t nat -A OUTPUT -p tcp -d ${public_ipv6} --dport 443 -j DNAT --to ${listening_ipv6}:4443
+  ip6tables -t nat -A OUTPUT -p tcp -d ${public_ipv6} --dport 80 -j DNAT --to ${listening_ipv6}:8080
+
+**Note regarding ports**:
+
+ * the port seen by application in case of IPv4 TCP will be "correct" - the ``443`` or ``80``
+ * the port seen by application in case of IPv6 and IPv4 UDP will be "incorrect" - the ``4443`` or ``8080``
+
 
 Solution 2 (network capability)
 -------------------------------
@@ -359,6 +367,10 @@ Then specify in the master instance parameters:
  * set ``port`` to ``443``
  * set ``plain_http_port`` to ``80``
 
+**Note regarding securitry**:
+
+ * such configuration results with all partitions being able to bind to low ports using this binary
+
 Authentication to the backend
 =============================
 
@@ -479,4 +491,6 @@ Experimental QUIC
 
 QUIC with HTTP3 is available as experimental feature. It has to be enabled on each node separately by using ``-frontend-i-experimental-haproxy-quic``. Then given node will reply with proper headers on HTTPS to advertise QUIC. Please note that ``-frontend-i-experimental-haproxy-flavour`` has to be set to ``quic`` on this node too.
 
+Please note that due to limitations of iptables method used to expose low ports, the ``-frontend-i-experimental-quic-port`` is by default ``443``, which is used when advertisting the QUIC/HTTP3 port to the client.
+
 Note that then all frontends will be served with QUIC advertised on such node, so it's important to run such experiments very carefully, for example on same zone/region with DNS.

software/rapid-cdn/buildout.hash.cfg

@@ -14,7 +14,7 @@
 # not need these here).
 [template]
 filename = instance.cfg.in
-md5sum = a7cd4f5e23208bd9bf37cec03ad92fcd
+md5sum = f249b268bd3e74f6f2dcdd437b1c9f71
 
 [profile-common]
 filename = instance-common.cfg.in
@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
 
 [profile-frontend]
 filename = instance-frontend.cfg.in
-md5sum = daf89318c2c155132c34b91105c68806
+md5sum = 2f0b4af26c5e947f77cf85ab44e0fe5d
 
 [profile-master]
 filename = instance-master.cfg.in
-md5sum = b026a6df40f3d1090ceaa3451a9293fe
+md5sum = 2aaab85bad51136b38f6a16d662a7b3e
 
 [profile-slave-list]
 filename = instance-slave-list.cfg.in
-md5sum = ca2e775e7bd2a96e46113a628461a46f
+md5sum = b26f4536102ff2cdc1356f6626928975
 
 [profile-master-publish-slave-information]
 filename = instance-master-publish-slave-information.cfg.in
@@ -38,11 +38,11 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181
 
 [template-frontend-haproxy-configuration]
 _update_hash_filename_ = templates/frontend-haproxy.cfg.in
-md5sum = 4af0e29ac2399aac10de116b4fa3ac25
+md5sum = 2e964dbe75f725c4e45e62720a77bba3
 
 [template-frontend-haproxy-crt-list]
 _update_hash_filename_ = templates/frontend-haproxy-crt-list.in
-md5sum = 13c294af9950939c76021eb19305f3ab
+md5sum = 238760d48d2875f087ad2d784e2a8fcd
 
 [template-not-found-html]
 _update_hash_filename_ = templates/notfound.html

software/rapid-cdn/instance-frontend.cfg.in

 {% import "caucase" as caucase with context %}
 {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
+{%- set QUIC_PORT = instance_parameter_dict.get('configuration.frontend-quic-port', '443') %}
 {%- if instance_parameter_dict.get('configuration.frontend-haproxy-flavour', 'basic') == 'quic' %}
 {%-   set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %}
 {%-   if instance_parameter_dict.get('configuration.frontend-haproxy-quic', 'false').lower() in TRUE_VALUES %}
@@ -371,6 +372,7 @@ organizational-unit = {{ instance_parameter_dict['configuration.frontend-name']
 backend-client-caucase-url = {{ slapparameter_dict['backend-client-caucase-url'] }}
 partition_ipv6 =  ${slap-configuration:ipv6-random}
 url-ready-file = ${directory:var}/url-ready.txt
+quic = {{ FRONTEND_HAPROXY_QUIC }}
 extra-context =
     key backend_client_caucase_url :backend-client-caucase-url
     import furl_module furl
@@ -384,6 +386,7 @@ extra-context =
     key empty_template software-release-path:template-empty
     key template_expose_csr_nginx_conf software-release-path:template-expose-csr-nginx-conf
     key software_type :software_type
+    key quic :quic
     key frontend_lazy_graceful_reload frontend-haproxy-lazy-graceful:output
     key monitor_base_url monitor-instance-parameter:monitor-base-url
     key node_id frontend-node-id:value
@@ -485,6 +488,7 @@ local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
 version-hash = ${version-hash:value}
 node-id = ${frontend-node-id:value}
 quic = {{ FRONTEND_HAPROXY_QUIC }}
+quic-port = {{ QUIC_PORT }}
 
 # BBB: SlapOS Master non-zero knowledge BEGIN
 [get-self-signed-fallback-access]

software/rapid-cdn/instance-master.cfg.in

@@ -171,6 +171,8 @@ context =
 {%   do config_dict.__setitem__('frontend-haproxy-flavour', slapparameter_dict.get(frontend_haproxy_flavour_key) or 'basic') %}
 {%   set frontend_haproxy_quic_key = "-frontend-%s-experimental-haproxy-quic" % i %}
 {%   do config_dict.__setitem__('frontend-haproxy-quic', slapparameter_dict.get(frontend_haproxy_quic_key) or 'False') %}
+{%   set frontend_quic_port_key = "-frontend-%s-experimental-quic-port" % i %}
+{%   do config_dict.__setitem__('frontend-quic-port', slapparameter_dict.get(frontend_quic_port_key) or '443') %}
 # Filling request dict for slave
 {%   set request_content_dict = {
                                   'config': config_dict,

software/rapid-cdn/instance-slave-list.cfg.in

@@ -9,6 +9,12 @@
 {%- set backend_haproxy_http_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['http-port']) %}
 {%- set backend_haproxy_https_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['https-port']) %}
 {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
+{%- set ALPN_HTTP11 = "alpn http/1.1,http/1.0" %}
+{%- if quic.lower() in TRUE_VALUES %}
+{%-   set ALPN_HTTP2PLUS = "alpn h3,h2,http/1.1,http/1.0" %}
+{%- else %}
+{%-   set ALPN_HTTP2PLUS = "alpn h2,http/1.1,http/1.0" %}
+{%- endif %}
 {%- set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': instance_parameter_dict['ipv4-random'], 'http_port': configuration['plain_http_port'], 'https_port': configuration['port']} %}
 {%- set slave_log_dict = {} %}
 {%- set slave_instance_information_list = [] %}
@@ -243,10 +249,12 @@ context =
 {%-     endif %}
 {%-   endfor %}
 {%-   do slave_instance.__setitem__('websocket-path-list', websocket_path_list) %}
-{%-   do slave_instance.__setitem__('enable_h2', slave_instance['enable-http2']) %}
-{%-   if slave_instance['type'] in ['notebook', 'websocket'] %}
-{#    websocket style needs http 1.1 max #}
-{%-     do slave_instance.__setitem__('enable_h2', False) %}
+{#- Handle alpn negotiation -#}
+{%-   if slave_instance['type'] in ['notebook', 'websocket'] or not slave_instance['enable-http2'] %}
+{#    websocket style needs http 1.1 max, just like non-http2 frontends #}
+{%-     do slave_instance.__setitem__('alpn', ALPN_HTTP11) %}
+{%-   else %}
+{%-     do slave_instance.__setitem__('alpn', ALPN_HTTP2PLUS) %}
 {%-   endif %}
 
 [slave-log-directory-dict]

software/rapid-cdn/instance.cfg.in

@@ -91,7 +91,6 @@ configuration.caucase_port = 8890
 configuration.caucase_backend_client_port = 8990
 configuration.apache-key =
 configuration.apache-certificate =
-configuration.open-port = 80 443
 configuration.disk-cache-size = 8G
 configuration.ram-cache-size = 1G
 configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html

software/rapid-cdn/software.cfg

@@ -108,6 +108,7 @@ haproxy_executable = ${haproxy:location}/sbin/haproxy
 haproxy_quic_executable = ${haproxy-quic:location}/sbin/haproxy
 rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd
 curl = ${curl:location}
+curl_http3 = ${curl-http3:location}
 dash = ${dash:location}
 gzip = ${gzip:location}
 logrotate = ${logrotate:location}

software/rapid-cdn/templates/frontend-haproxy-crt-list.in

@@ -6,11 +6,7 @@
 {%-   if slave['ciphers'] %}
 {%-     do sslbindconf.append('ciphers %s' % (slave['ciphers']),) %}
 {%-   endif %}
-{%-   if slave['enable_h2'] %}
-{%-     do sslbindconf.append('alpn h2,http/1.1,http/1.0') %}
-{%-   else %}
-{%-     do sslbindconf.append('alpn http/1.1,http/1.0') %}
-{%-   endif %}
+{%-   do sslbindconf.append(slave['alpn']) %}
 {%-   do entry_list.append('[' + ' '.join(sslbindconf) + ']') %}
 {#-   <snifilter> #}
 {%-   do entry_list.extend(slave['host_list']) %}

software/rapid-cdn/templates/frontend-haproxy.cfg.in

@@ -82,9 +82,9 @@ frontend https-frontend
 {%- if QUIC %}
   bind quic4@{{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
   bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
-  http-response set-header alt-svc "h3=\":%fp\";ma=900;"
+  http-response set-header alt-svc "h3=\":{{ configuration['quic-port'] }}\"; ma=3600"
   {#- Ask Chromium to use QUIC #}
-  http-response set-header alternate-protocol %fp:quic
+  http-response set-header alternate-protocol {{ configuration['quic-port'] }}:quic
 {%- endif %}
 {{ frontend_common() }}
 {%- for slave_instance in frontend_slave_list -%}

software/rapid-cdn/test/test.py

@@ -6761,6 +6761,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
         'frontend-haproxy-flavour': 'basic',
         'frontend-haproxy-quic': 'False',
         'frontend-name': 'caddy-frontend-1',
+        'frontend-quic-port': '443',
         'kedifa-caucase-url': kedifa_caucase_url,
         'monitor-cors-domains': 'monitor.app.officejs.com',
         'monitor-httpd-port': 8411,
@@ -6788,6 +6789,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
         'frontend-haproxy-flavour': 'basic',
         'frontend-haproxy-quic': 'False',
         'frontend-name': 'caddy-frontend-2',
+        'frontend-quic-port': '443',
         'kedifa-caucase-url': kedifa_caucase_url,
         'monitor-cors-domains': 'monitor.app.officejs.com',
         'monitor-httpd-port': 8412,
@@ -6815,6 +6817,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
         'frontend-haproxy-flavour': 'basic',
         'frontend-haproxy-quic': 'False',
         'frontend-name': 'caddy-frontend-3',
+        'frontend-quic-port': '443',
         'kedifa-caucase-url': kedifa_caucase_url,
         'monitor-cors-domains': 'monitor.app.officejs.com',
         'monitor-httpd-port': 8413,
@@ -7364,6 +7367,86 @@ backend _health-check-default-http
     self.assertEqual(result.status_code, http.client.SERVICE_UNAVAILABLE)
 
 
+class TestSlaveQuic(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
+  @classmethod
+  def getInstanceParameterDict(cls):
+    return {
+      'domain': 'example.com',
+      'port': HTTPS_PORT,
+      'plain_http_port': HTTP_PORT,
+      'kedifa_port': KEDIFA_PORT,
+      'caucase_port': CAUCASE_PORT,
+      'request-timeout': '12',
+      '-frontend-1-experimental-haproxy-quic': True,
+      '-frontend-1-experimental-haproxy-flavour': 'quic',
+      '-frontend-1-experimental-quic-port': HTTPS_PORT,
+    }
+
+  @classmethod
+  def getSlaveParameterDictDict(cls):
+    return {
+      'url': {
+        'url': cls.backend_url,
+      },
+      'enable_cache': {
+        'url': cls.backend_url,
+        'enable_cache': True,
+      },
+    }
+
+  def get_curl_http3(self):
+    # Very hacky way to fetch curl from own software release instead of
+    # polluting slapos-sr-testing
+    with open(os.path.join(self.software_path, '.installed.cfg')) as fh:
+      for line in fh.readlines():
+        if line.startswith('location =') and 'curl-http3' in line:
+          return '/'.join([line.strip().split()[-1], 'bin/curl'])
+
+  def assertHttp3(self, domain, direct=True):
+    alt_svc = tempfile.NamedTemporaryFile(delete=False)
+    curl_command = [self.get_curl_http3()]
+    if direct:
+      curl_command.append('--http3')
+    else:
+      curl_command.extend(['--alt-svc', alt_svc.name])
+    curl_command.extend([
+      '-k',
+      '-v',
+      '-D', '-',
+      '-o', '/dev/null',
+      '-H', 'Host: %s' % (domain,),
+      '--resolve', '%(domain)s:%(https_port)s:%(ip)s' % dict(
+        ip=TEST_IP, domain=domain, https_port=HTTPS_PORT),
+      'https://%(domain)s:%(https_port)s/' % dict(
+        domain=domain, https_port=HTTPS_PORT),
+    ])
+
+    def call_curl():
+      prc = subprocess.Popen(
+        curl_command, stdout=subprocess.PIPE, stderr=subprocess.PIPE
+      )
+      out, err = prc.communicate()
+      assert prc.returncode == 0, "Problem running %r. "\
+          "Output:\n%s\nError:\n%s" % (
+            ' '.join(curl_command), out, err)
+      return [q.strip() for q in out.decode().splitlines()]
+
+    if not direct:
+      # curl with alt-svc does not switch to HTTP3 in one request
+      self.assertEqual('HTTP/2 200', call_curl()[0])
+    self.assertEqual('HTTP/3 200', call_curl()[0])
+
+  def test_url(self):
+    parameter_dict = self.assertSlaveBase('url')
+    self.assertHttp3(parameter_dict['domain'])
+    self.assertHttp3(parameter_dict['domain'], direct=False)
+
+  def test_enable_cache(self):
+    parameter_dict = self.assertSlaveBase('enable_cache')
+    self.assertHttp3(parameter_dict['domain'])
+    self.assertHttp3(parameter_dict['domain'], direct=False)
+
+
 if __name__ == '__main__':
   class HTTP6Server(ThreadedHTTPServer):
     address_family = socket.AF_INET6

software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00cluster_request_instance_parameter_dict.txt

@@ -107,6 +107,7 @@
       "frontend-haproxy-flavour": "basic",
       "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
+      "frontend-quic-port": "443",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",

software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00cluster_request_instance_parameter_dict.txt

@@ -109,6 +109,7 @@
       "frontend-haproxy-flavour": "basic",
       "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
+      "frontend-quic-port": "443",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",

software/rapid-cdn/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00cluster_request_instance_parameter_dict.txt

@@ -65,6 +65,7 @@
       "frontend-haproxy-flavour": "basic",
       "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
+      "frontend-quic-port": "443",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",

software/rapid-cdn/test/test_data/test.TestMasterRequest.test00cluster_request_instance_parameter_dict.txt

@@ -63,6 +63,7 @@
       "frontend-haproxy-flavour": "basic",
       "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
+      "frontend-quic-port": "443",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",

software/rapid-cdn/test/test_data/test.TestMasterRequestDomain.test00cluster_request_instance_parameter_dict.txt

@@ -65,6 +65,7 @@
       "frontend-haproxy-flavour": "basic",
       "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
+      "frontend-quic-port": "443",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",

software/rapid-cdn/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00cluster_request_instance_parameter_dict.txt

@@ -79,6 +79,7 @@
       "frontend-haproxy-flavour": "basic",
       "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
+      "frontend-quic-port": "443",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",

software/rapid-cdn/test/test_data/test.TestRe6stVerificationUrlSlave.test00cluster_request_instance_parameter_dict.txt

@@ -79,6 +79,7 @@
       "frontend-haproxy-flavour": "basic",
       "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
+      "frontend-quic-port": "443",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",

software/rapid-cdn/test/test_data/test.TestReplicateSlave.test00cluster_request_instance_parameter_dict.txt

@@ -83,6 +83,7 @@
       "frontend-haproxy-flavour": "basic",
       "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
+      "frontend-quic-port": "443",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",
@@ -122,6 +123,7 @@
       "frontend-haproxy-flavour": "basic",
       "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-2",
+      "frontend-quic-port": "443",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",

software/rapid-cdn/test/test_data/test.TestSlave.test00cluster_request_instance_parameter_dict.txt

@@ -790,6 +790,7 @@
       "frontend-haproxy-flavour": "basic",
       "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
+      "frontend-quic-port": "443",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",

software/rapid-cdn/test/test_data/test.TestSlaveCiphers.test00cluster_request_instance_parameter_dict.txt

@@ -95,6 +95,7 @@
       "frontend-haproxy-flavour": "basic",
       "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
+      "frontend-quic-port": "443",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",

software/rapid-cdn/test/test_data/test.TestSlaveHealthCheck.test00cluster_request_instance_parameter_dict.txt

@@ -284,6 +284,7 @@
       "frontend-haproxy-flavour": "basic",
       "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
+      "frontend-quic-port": "443",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",

software/rapid-cdn/test/test_data/test.TestSlaveHostHaproxyClash.test00cluster_request_instance_parameter_dict.txt

@@ -92,6 +92,7 @@
       "frontend-haproxy-flavour": "basic",
       "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
+      "frontend-quic-port": "443",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",

software/rapid-cdn/test/test_data/test.TestSlaveQuic.test00cluster_request_instance_parameter_dict.txt

+[
+  {
+    "-frontend-1-experimental-haproxy-flavour": "quic",
+    "-frontend-1-experimental-haproxy-quic": "True",
+    "-frontend-1-experimental-quic-port": "11443",
+    "caucase_port": "15090",
+    "domain": "example.com",
+    "full_address_list": [],
+    "instance_title": "testing partition 0",
+    "ip_list": [
+      [
+        "T-0",
+        "@@_ipv4_address@@"
+      ],
+      [
+        "T-0",
+        "@@_ipv6_address@@"
+      ]
+    ],
+    "kedifa_port": "15080",
+    "plain_http_port": "11080",
+    "port": "11443",
+    "request-timeout": "12",
+    "root_instance_title": "testing partition 0",
+    "slap_computer_id": "local",
+    "slap_computer_partition_id": "T-0",
+    "slap_software_release_url": "@@00getSoftwareURL@@",
+    "slap_software_type": "RootSoftwareInstance",
+    "slave_instance_list": [
+      {
+        "slap_software_type": "RootSoftwareInstance",
+        "slave_reference": "_url",
+        "slave_title": "_url",
+        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
+      },
+      {
+        "enable_cache": true,
+        "slap_software_type": "RootSoftwareInstance",
+        "slave_reference": "_enable_cache",
+        "slave_title": "_enable_cache",
+        "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
+      }
+    ],
+    "timestamp": "@@TIMESTAMP@@"
+  },
+  {
+    "_": {
+      "caucase_port": "15090",
+      "cluster-identification": "testing partition 0",
+      "kedifa_port": "15080",
+      "monitor-cors-domains": "monitor.app.officejs.com",
+      "monitor-httpd-port": "8402",
+      "monitor-password": "@@monitor-password@@",
+      "monitor-username": "admin",
+      "slave-list": [
+        {
+          "enable_cache": true,
+          "slave_reference": "_enable_cache",
+          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
+        },
+        {
+          "slave_reference": "_url",
+          "url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
+        }
+      ]
+    },
+    "full_address_list": [],
+    "instance_title": "kedifa",
+    "ip_list": [
+      [
+        "T-1",
+        "@@_ipv4_address@@"
+      ],
+      [
+        "T-1",
+        "@@_ipv6_address@@"
+      ]
+    ],
+    "root_instance_title": "testing partition 0",
+    "slap_computer_id": "local",
+    "slap_computer_partition_id": "T-1",
+    "slap_software_release_url": "@@00getSoftwareURL@@",
+    "slap_software_type": "kedifa",
+    "slave_instance_list": [],
+    "timestamp": "@@TIMESTAMP@@"
+  },
+  {
+    "_": {
+      "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
+      "cluster-identification": "testing partition 0",
+      "domain": "example.com",
+      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_enable_cache\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_url\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "quic",
+      "frontend-haproxy-quic": "True",
+      "frontend-name": "caddy-frontend-1",
+      "frontend-quic-port": "11443",
+      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
+      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
+      "monitor-cors-domains": "monitor.app.officejs.com",
+      "monitor-httpd-port": 8411,
+      "monitor-password": "@@monitor-password@@",
+      "monitor-username": "admin",
+      "plain_http_port": "11080",
+      "port": "11443",
+      "request-timeout": "12",
+      "slave-kedifa-information": "{\"_enable_cache\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@/@@enable_cache_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@?auth=\"}, \"_url\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@url_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@url_key-generate-auth-url@@/@@enable_cache_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@url_key-generate-auth-url@@?auth=\"}}"
+    },
+    "full_address_list": [],
+    "instance_title": "caddy-frontend-1",
+    "ip_list": [
+      [
+        "T-2",
+        "@@_ipv4_address@@"
+      ],
+      [
+        "T-2",
+        "@@_ipv6_address@@"
+      ]
+    ],
+    "root_instance_title": "testing partition 0",
+    "slap_computer_id": "local",
+    "slap_computer_partition_id": "T-2",
+    "slap_software_release_url": "@@00getSoftwareURL@@",
+    "slap_software_type": "single-custom-personal",
+    "slave_instance_list": [],
+    "timestamp": "@@TIMESTAMP@@"
+  }
+]

software/rapid-cdn/test/test_data/test.TestSlaveQuic.test00file_list_log.txt

+T-0/var/log/monitor-httpd-access.log
+T-0/var/log/monitor-httpd-error.log
+T-0/var/log/slapgrid-T-0-error.log
+T-1/var/log/expose-csr.log
+T-1/var/log/kedifa.log
+T-1/var/log/monitor-httpd-access.log
+T-1/var/log/monitor-httpd-error.log
+T-2/var/log/backend-haproxy.log
+T-2/var/log/expose-csr.log
+T-2/var/log/frontend-haproxy.log
+T-2/var/log/httpd/_enable_cache_access_log
+T-2/var/log/httpd/_enable_cache_backend_log
+T-2/var/log/httpd/_url_access_log
+T-2/var/log/httpd/_url_backend_log
+T-2/var/log/monitor-httpd-access.log
+T-2/var/log/monitor-httpd-error.log
+T-2/var/log/slave-introspection-access.log
+T-2/var/log/slave-introspection-error.log
+T-2/var/log/trafficserver/manager.log

software/rapid-cdn/test/test_data/test.TestSlaveQuic.test00file_list_run.txt

+T-0/var/run/monitor-httpd.pid
+T-1/var/run/kedifa.pid
+T-1/var/run/monitor-httpd.pid
+T-2/var/run/backend-haproxy-rsyslogd.pid
+T-2/var/run/backend-haproxy.pid
+T-2/var/run/backend_haproxy_configuration_last_state
+T-2/var/run/backend_haproxy_graceful_configuration_state_signature
+T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
+T-2/var/run/graceful_configuration_state_signature
+T-2/var/run/httpd.pid
+T-2/var/run/monitor-httpd.pid
+T-2/var/run/slave-introspection.pid
+T-2/var/run/slave_introspection_configuration_last_state
+T-2/var/run/slave_introspection_graceful_configuration_state_signature

software/rapid-cdn/test/test_data/test.TestSlaveQuic.test00supervisor_state.txt

+T-0:aibcc-user-caucase-updater-on-watch RUNNING
+T-0:aikc-user-caucase-updater-on-watch RUNNING
+T-0:bootstrap-monitor EXITED
+T-0:caucased-backend-client-{hash-generic}-on-watch RUNNING
+T-0:certificate_authority-{hash-generic}-on-watch RUNNING
+T-0:crond-{hash-generic}-on-watch RUNNING
+T-0:master-introspection-server-{hash-master-introspection}-on-watch RUNNING
+T-0:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-0:monitor-httpd-graceful EXITED
+T-1:bootstrap-monitor EXITED
+T-1:caucase-updater-on-watch RUNNING
+T-1:caucased-{hash-generic}-on-watch RUNNING
+T-1:certificate_authority-{hash-generic}-on-watch RUNNING
+T-1:crond-{hash-generic}-on-watch RUNNING
+T-1:expose-csr-{hash-generic}-on-watch RUNNING
+T-1:kedifa-{hash-generic}-on-watch RUNNING
+T-1:kedifa-reloader EXITED
+T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-1:monitor-httpd-graceful EXITED
+T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
+T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:backend-haproxy-safe-graceful EXITED
+T-2:bootstrap-monitor EXITED
+T-2:certificate_authority-{hash-generic}-on-watch RUNNING
+T-2:crond-{hash-generic}-on-watch RUNNING
+T-2:expose-csr-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
+T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
+T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
+T-2:monitor-httpd-graceful EXITED
+T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
+T-2:slave-introspection-safe-graceful EXITED
+T-2:trafficserver-{hash-generic}-on-watch RUNNING
+T-2:trafficserver-reload EXITED

software/rapid-cdn/test/test_data/test.TestSlaveQuic.test_file_list_etc_cron_d.txt

+T-0/etc/cron.d/logrotate
+T-0/etc/cron.d/monitor-configurator
+T-0/etc/cron.d/monitor-globalstate
+T-0/etc/cron.d/monitor_collect
+T-1/etc/cron.d/logrotate
+T-1/etc/cron.d/monitor-configurator
+T-1/etc/cron.d/monitor-globalstate
+T-1/etc/cron.d/monitor_collect
+T-2/etc/cron.d/logrotate
+T-2/etc/cron.d/monitor-configurator
+T-2/etc/cron.d/monitor-globalstate
+T-2/etc/cron.d/monitor_collect
+T-2/etc/cron.d/trafficserver-logrotate

software/rapid-cdn/test/test_data/test.TestSlaveQuic.test_file_list_plugin.txt

+T-0/etc/plugin/__init__.py
+T-0/etc/plugin/aibcc-sign-promise.py
+T-0/etc/plugin/aibcc-user-caucase-updater.py
+T-0/etc/plugin/aikc-sign-promise.py
+T-0/etc/plugin/aikc-user-caucase-updater.py
+T-0/etc/plugin/buildout-T-0-status.py
+T-0/etc/plugin/caucased-backend-client.py
+T-0/etc/plugin/check-backend-haproxy-statistic-url-frontend-node-1.py
+T-0/etc/plugin/check-free-disk-space.py
+T-0/etc/plugin/master-introspection-server-ip-port-listening.py
+T-0/etc/plugin/master-key-download-url-ready-promise.py
+T-0/etc/plugin/master-key-generate-auth-url-ready-promise.py
+T-0/etc/plugin/master-key-upload-url-ready-promise.py
+T-0/etc/plugin/monitor-bootstrap-status.py
+T-0/etc/plugin/monitor-http-frontend.py
+T-0/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-0/etc/plugin/publish-failsafe-error.py
+T-0/etc/plugin/rejected-slave.py
+T-1/etc/plugin/__init__.py
+T-1/etc/plugin/buildout-T-1-status.py
+T-1/etc/plugin/caucased.py
+T-1/etc/plugin/check-free-disk-space.py
+T-1/etc/plugin/expose-csr-ip-port-listening.py
+T-1/etc/plugin/kedifa-http-reply.py
+T-1/etc/plugin/monitor-bootstrap-status.py
+T-1/etc/plugin/monitor-http-frontend.py
+T-1/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-1/etc/plugin/promise-kedifa-auth-ready.py
+T-1/etc/plugin/promise-logrotate-setup.py
+T-2/etc/plugin/__init__.py
+T-2/etc/plugin/backend-client-caucase-updater.py
+T-2/etc/plugin/backend-haproxy-configuration.py
+T-2/etc/plugin/backend-haproxy-statistic-frontend.py
+T-2/etc/plugin/backend_haproxy_http.py
+T-2/etc/plugin/backend_haproxy_https.py
+T-2/etc/plugin/buildout-T-2-status.py
+T-2/etc/plugin/caucase-updater.py
+T-2/etc/plugin/check-free-disk-space.py
+T-2/etc/plugin/expose-csr-ip-port-listening.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
+T-2/etc/plugin/monitor-bootstrap-status.py
+T-2/etc/plugin/monitor-http-frontend.py
+T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
+T-2/etc/plugin/promise-key-download-url-ready.py
+T-2/etc/plugin/promise-logrotate-setup.py
+T-2/etc/plugin/re6st-connectivity.py
+T-2/etc/plugin/slave-introspection-configuration.py
+T-2/etc/plugin/slave_introspection_https.py
+T-2/etc/plugin/trafficserver-cache-availability.py
+T-2/etc/plugin/trafficserver-port-listening.py

software/rapid-cdn/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test00cluster_request_instance_parameter_dict.txt

@@ -243,6 +243,7 @@
       "frontend-haproxy-flavour": "basic",
       "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
+      "frontend-quic-port": "443",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",

software/rapid-cdn/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test00cluster_request_instance_parameter_dict.txt

@@ -83,6 +83,7 @@
       "frontend-haproxy-flavour": "basic",
       "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
+      "frontend-quic-port": "443",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",

software/rapid-cdn/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test00cluster_request_instance_parameter_dict.txt

@@ -83,6 +83,7 @@
       "frontend-haproxy-flavour": "basic",
       "frontend-haproxy-quic": "False",
       "frontend-name": "caddy-frontend-1",
+      "frontend-quic-port": "443",
       "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
       "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
       "monitor-cors-domains": "monitor.app.officejs.com",