See merge request nexedi/slapos!1317

This is getting rid of obsolete Caddy 1 software.

This is also making the public/ directory really public (no need for authentication).

See merge request nexedi/slapos!1317

Without this commit, compilation fails with:

Reached heap limit Allocation failed - JavaScript heap out of memory

See merge request nexedi/slapos!1317

libiconv 1.14 doesn't compile on aarch64 with the following error:
configure: error: cannot guess build type; you must specify one

See merge request nexedi/slapos!1317

Before this patch all ERP5 SlapOS Integration tests only run with ZEO
storage. We should also run them against NEO, because we are using
ERP5 with NEO in SlapOS.

In order to do so we implemented parameterized test classes for our ERP5
integration tests. Each test case can be configured via its __test_matrix__
attribute. A test matrix is a dict which maps the flavoured class name suffix to
a tuple of parameters. A parameter is a function which receives the
instance_parameter_dict and modifies it in place. You can use the
'matrix' helper function to construct a test matrix. If .__test_matrix__
is 'None' the test case is ignored.

/reviewed-by @kirr & @jerome
/reviewed-on nexedi/slapos!1306

See merge request nexedi/slapos!1314

Updated eggs for software/jupyter:
  pathlib2 2.2.1 -> 2.3.5
  pytz 2020.4 -> 2022.2.1
  scandir 1.5 -> 1.10.0
  wcwidth 0.1.7 -> 0.2.5

Updated eggs for stack/slapos.cfg:
  prompt-toolkit 2.0.10 -> 3.0.19
  Pygments 2.7.4 -> 2.9.0
  traitlets 4.3.3 -> 5.0.5

Update ipython to fix https://github.com/ipython/ipython/issues/11590

See merge request !1201

In the same time extract described variables to be available in the comment
context.

Changes:

 * clean up tests from simply removing headers before asserting
 * check out unstable headers and correct them
 * improve assertion name

Adapt tests to cleaner responses from Haproxy.

It's just type:websocket without any path and with transparent parameter,
thus resulting with providing X-Real-Ip to the backend.

haproxy supports websocket by default everywhere, so reuse this and make
type=websocket only needed if some specific configuration like
websocket-path-list or websocket-transparent have to be set.

As a result of implementing this feature X-Forwarded-Proto and
X-Forwarded-Port header support is now enabled per slave and not just
globally.

X-Real-Ip is only available for websocket paths, previous implementation
was simply wrong, and this has been fixed and asserted in tests.

Tests have been slightly updated to make it easier to follow the real
websocket logic.

Cipher translation is implented on the node, so that old style and new style
nodes can co-exists in the same cluster, thus making partial upgrade possible.

Caddy was automat(g)ically adding Content-Type header to the backend
response, but Haproxy does not do it, and change of the servers shall
follow generic approach that not additional information is added to the
response by the CDN.

In case if Date header is present do nothing otherwise add one.
Test backend is adapted to have full control over headers sent.

Backward incompatible change happens, as the Date header is generated
before passing the request to the cache, thus resulting with caching it.
Nevertheless this is good change, as previous behavior was simply wrong.

mpm-graceful-shutdown-timeout is dropped, as it's historical leftover and never
really useful in the caddy-frontend CDN usage context - stopping the server is
the most rare situation, and any grace period is solved eventually outside of
the running process (like redirecting traffic elsewhere before stopping).

haproxy since 2.4 requires correctly ending files, thus do it by adding
in-jinja comment which will result with LF in the end.

It's based on phased out caddy-frontend, especially as next step is to drop
Caddy software from the software release.

2.6 implementes url normalization, needed on front facing part, see
https://cbonte.github.io/haproxy-dconv/2.6/configuration.html#4.2-http-request%20normalize-uri

We don't care about exact exception message, but we only want to test
that the client can't connect anymore once banned. Relaxing this
assertion should stabilize previously flaky
'TestBan.test_client_are_banned_after_5_wrong_passwords'.

See nexedi/slapos@97f4a5fb (comment 150049)
and nexedi/slapos!1305 (comment 175255)
for additional context.

The workaround seems to be required for several OlinuXino boards (https://github.com/OLIMEX/OLINUXINO).
See !915

Disable java

Do not update vscode-uri yet, because theia does not support vscode-uri 3 currently, so we have to keep our patch.

See merge request nexedi/slapos!1315