caddy-frontend: Drop whitespace control in Jinja2

Therte is no need to control whitespace adding by Jijna2 and dropping it simplifies the templates. It will allow to take better control over generated configuration files.

caddy-frontend: Drop whitespace control in Jinja2
Therte is no need to control whitespace adding by Jijna2 and dropping it simplifies the templates. It will allow to take better control over generated configuration files.
78f3c519 · Łukasz Nowak · Rafael Monnerat · ac9c1973 · 78f3c519 · 78f3c519
Commit 78f3c519 authored Jun 29, 2018 by Łukasz Nowak Committed by Rafael Monnerat Jul 03, 2018
8 changed files
--- a/software/caddy-frontend/TODO.rst
+++ b/software/caddy-frontend/TODO.rst
@@ -9,7 +9,6 @@ Generally things to be done with ``caddy-frontend``:
 * ``ssl_proxy_ca_crt`` for ``ssl_proxy_verify``, this is related to bug https://github.com/mholt/caddy/issues/1550, proposed solution `just adding your CA to the system's trust store`
 * ``check-error-on-caddy-log`` like ``check-error-on-apache-log``
 * cover test suite like resilient tests for KVM and prove it works the same way as Caddy
- * simplify Jijna2 syntax and drop whitespace control, as it is not needed
 * make beautiful (eg. with whitespaces and nice comments) generated files (mostly Jinja2)
 * have ``caddy-frontend`` specific parameters, with backward compatibility to ``apache-frontend`` ones (like ``apache_custom_http`` --> ``caddy_custom_http``)
 * change ``switch-softwaretype`` to way how ``software/erp5`` does, which will help with dropping jinja2 template for ``caddy-wrapper``, which is workaround for current situation https://lab.nexedi.com/nexedi/slapos/merge_requests/312#note_62678

--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -22,11 +22,11 @@ md5sum = ba6b8d3b11f4d9809bc0620a05946a16

 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = e2d7a5bc47e1c2e79d9ba84684277c6e
+md5sum = cd83f92b43904e1f3826072013cd682b

 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = acfe2c5530ddd46803f99e7f5249aa5e
+md5sum = 3993419eea72ad4b62c0d479860f3c17

 [template-slave-configuration]
 filename = templates/custom-virtualhost.conf.in
@@ -34,7 +34,7 @@ md5sum = 74275ad73b03114c69f80c8f8ae73374

 [template-replicate-publish-slave-information]
 filename = templates/replicate-publish-slave-information.cfg.in
-md5sum = 665e83d660c9b779249b2179d7ce4b4e
+md5sum = 8d318af17da5631d4242c0d6d1531066

 [template-caddy-frontend-configuration]
 filename = templates/Caddyfile.in
@@ -42,7 +42,7 @@ md5sum = 5c048a80c2e9374adea0cd647d14b192

 [template-custom-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
-md5sum = acfe2c5530ddd46803f99e7f5249aa5e
+md5sum = 3993419eea72ad4b62c0d479860f3c17

 [template-not-found-html]
 filename = templates/notfound.html
@@ -50,11 +50,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b

 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
-md5sum = 9568465d1c1423343f7b043c8345f917
+md5sum = c291422b417a906ee944de17321c0d12

 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in
-md5sum = 811b4fca0668b84655372687f234ee81
+md5sum = 194b1c41ae2edd1528e85bd01eb1f95b

 [template-log-access]
 filename = templates/template-log-access.conf.in
@@ -86,7 +86,7 @@ md5sum = b1d6bac767db77ad1662edd06aabdf49

 [template-nginx-eventsource-slave-virtualhost]
 filename = templates/nginx-eventsource-slave.conf.in
-md5sum = a0c5c376753da042c5f8444a33066acf
+md5sum = 69d65e461cd7cd5ef5b1ccd0098b50c8

 [template-nginx-notebook-slave-virtualhost]
 filename = templates/nginx-notebook-slave.conf.in

--- a/software/caddy-frontend/instance-apache-replicate.cfg.in
+++ b/software/caddy-frontend/instance-apache-replicate.cfg.in
-{% if slap_software_type in software_type -%}
+{% if slap_software_type in software_type %}

 [jinja2-template-base]
 recipe = slapos.recipe.template:jinja2
@@ -12,33 +12,33 @@ context =
    key slave_instance_list slap-parameter:slave_instance_list
    ${:extra-context}

-{% set part_list = [] -%}
+{% set part_list = [] %}
 {% set single_type_key = 'single-' %}
 {% if slap_software_type == "replicate" %}
-{%   set frontend_type = slapparameter_dict.pop('-frontend-type', 'single-default') -%}
-{% elif slap_software_type in ['default', 'RootSoftwareInstance'] -%}
-{%   set frontend_type = "%s%s" % (single_type_key, 'custom-personal') -%}
-{% else -%}
-{%   set frontend_type = "%s%s" % (single_type_key, slap_software_type) -%}
-{% endif -%}
-{% set frontend_quantity = slapparameter_dict.pop('-frontend-quantity', '1') | int -%}
-{% set slave_list_name = 'extra_slave_instance_list' -%}
+{%   set frontend_type = slapparameter_dict.pop('-frontend-type', 'single-default') %}
+{% elif slap_software_type in ['default', 'RootSoftwareInstance'] %}
+{%   set frontend_type = "%s%s" % (single_type_key, 'custom-personal') %}
+{% else %}
+{%   set frontend_type = "%s%s" % (single_type_key, slap_software_type) %}
+{% endif %}
+{% set frontend_quantity = slapparameter_dict.pop('-frontend-quantity', '1') | int %}
+{% set slave_list_name = 'extra_slave_instance_list' %}
 {% set frontend_list = [] %}
 {% set frontend_section_list = [] %}
 {% set request_dict = {} %}
-{% set namebase = 'caddy-frontend' -%}
+{% set namebase = 'caddy-frontend' %}
 # XXX Dirty hack, not possible to define default value before
-{% set sla_computer_caddy_1_key = '-sla-1-computer_guid' -%}
-{% if not sla_computer_caddy_1_key in slapparameter_dict -%}
-{%   do slapparameter_dict.__setitem__(sla_computer_caddy_1_key, '${slap-connection:computer-id}') -%}
-{% endif -%}
+{% set sla_computer_caddy_1_key = '-sla-1-computer_guid' %}
+{% if not sla_computer_caddy_1_key in slapparameter_dict %}
+{%   do slapparameter_dict.__setitem__(sla_computer_caddy_1_key, '${slap-connection:computer-id}') %}
+{% endif %}

 # Here we request individually each frontend.
 # The presence of sla parameters is checked and added if found
-{% for i in range(1, frontend_quantity + 1) -%}
-{%   set frontend_name = "%s-%s" % (namebase, i) -%}
-{%   set request_section_title = 'request-%s' % frontend_name -%}
-{%   set sla_key = "-sla-%s-" % i -%}
+{% for i in range(1, frontend_quantity + 1) %}
+{%   set frontend_name = "%s-%s" % (namebase, i) %}
+{%   set request_section_title = 'request-%s' % frontend_name %}
+{%   set sla_key = "-sla-%s-" % i %}
 {%   set sla_key_length = sla_key | length %}
 {%   set sla_dict = {} %}
 {%   set config_key = "-frontend-config-%s-" % i %}
@@ -48,13 +48,13 @@ context =
 {%     if key.startswith(sla_key) %}
 {%       do sla_dict.__setitem__(key[sla_key_length:], slapparameter_dict.pop(key)) %}
 # We check for specific configuration regarding the frontend
-{%     elif key.startswith(config_key) -%}
+{%     elif key.startswith(config_key) %}
 {%       do config_dict.__setitem__(key[config_key_length:], slapparameter_dict.pop(key)) %}
-{%     endif -%}
-{%   endfor -%}
-{%   do frontend_list.append(frontend_name) -%}
-{%   do frontend_section_list.append(request_section_title) -%}
-{%   do part_list.append(request_section_title) -%}
+{%     endif %}
+{%   endfor %}
+{%   do frontend_list.append(frontend_name) %}
+{%   do frontend_section_list.append(request_section_title) %}
+{%   do part_list.append(request_section_title) %}
 # Filling request dict for slave
 {%   set state_key = "-frontend-%s-state" % i %}
 {%   do request_dict.__setitem__(request_section_title,
@@ -64,9 +64,9 @@ context =
                                  'sla': sla_dict,
                                  'state': slapparameter_dict.pop(state_key, None)
                                  }) %}
-{% endfor -%}
+{% endfor %}

-{% set authorized_slave_string = slapparameter_dict.pop('-frontend-authorized-slave-string', '') -%}
+{% set authorized_slave_string = slapparameter_dict.pop('-frontend-authorized-slave-string', '') %}
 {% set authorized_slave_list = [] %}
 {% set rejected_slave_list = [] %}
 {% for slave in slave_instance_list %}
@@ -75,7 +75,7 @@ context =
 {%   else %}
 {%     do rejected_slave_list.append(slave.get('slave_reference')) %}
 {%   endif %}
-{% endfor -%}
+{% endfor %}

 [monitor-instance-parameter]
 monitor-httpd-port = {{ slapparameter_dict.get('monitor-httpd-port', '8196') }}
@@ -110,11 +110,11 @@ state = {{ frontend_request.get('state') }}
 {%   do slave_configuration_dict.__setitem__("frontend-name", frontend_request.get('name')) %}
 config-_ = {{ json_module.dumps(slave_configuration_dict) }}
 {%   if frontend_request.get('sla') %}
-{%     for parameter, value in frontend_request.get('sla').iteritems() -%}
+{%     for parameter, value in frontend_request.get('sla').iteritems() %}
 sla-{{ parameter }} = {{ value }}
-{%     endfor -%}
-{%   endif -%}
-{% endfor -%}
+{%     endfor %}
+{%   endif %}
+{% endfor %}


 [publish-information]
@@ -138,9 +138,9 @@ custom-personal = ${dynamic-publish-slave-information:rendered}
 custom-group = ${dynamic-publish-slave-information:rendered}

 [slave-information]
-{% for frontend_section in frontend_section_list -%}
+{% for frontend_section in frontend_section_list %}
 {{ frontend_section }} = {{ "${%s:connection-slave-instance-information-list}" % frontend_section }}
-{% endfor -%}
+{% endfor %}

 [dynamic-publish-slave-information]
 < = jinja2-template-base
@@ -154,7 +154,7 @@ extra-context =
 monitor-url-list +=
 {% for frontend in frontend_section_list %}
 {{ '  ${' + frontend + ':connection-monitor-base-url}' }}
-{% endfor -%}
+{% endfor %}

 [buildout]
 extends = {{ template_monitor }}
@@ -162,9 +162,9 @@ parts =
  monitor-base
  publish-slave-information
  publish-information
-{% for part in part_list -%}
+{% for part in part_list %}
 {{ '  %s' % part }}
-{% endfor -%}
+{% endfor %}
 #      publish-information

 eggs-directory = {{ eggs_directory }}
@@ -185,4 +185,4 @@ cert_file = ${slap-connection:cert-file}
 slave_instance_list =
 -frontend-quantity = 1
 -frontend-type = single-default
-{%- endif %}
+{% endif %}
--- a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
+++ b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
-{% if software_type == slap_software_type -%}
+{% if software_type == slap_software_type %}

-{% set cached_server_dict = {} -%}
-{% set part_list = [] -%}
+{% set cached_server_dict = {} %}
+{% set part_list = [] %}
 {% set cache_port = caddy_configuration.get('cache-port') %}
 {% set cached_port = caddy_configuration.get('cache-through-port') %}
 {% set ssl_cached_port = caddy_configuration.get('ssl-cache-through-port') %}
-{% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) -%}
-{% set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) -%}
-{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
-{% set NGINX_TYPE_LIST = ['eventsource', 'notebook'] -%}
+{% set cache_access = "http://%s:%s" % (local_ipv4, cache_port) %}
+{% set ssl_cache_access = "http://%s:%s/HTTPS" % (local_ipv4, cache_port) %}
+{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
+{% set NGINX_TYPE_LIST = ['eventsource', 'notebook'] %}
 {% set generic_instance_parameter_dict = { 'cache_access': cache_access, 'local_ipv4': local_ipv4, 'http_port': http_port, 'https_port': https_port} %}
-{% set slave_log_dict = {} -%}
-{% if extra_slave_instance_list -%}
-{%   set slave_instance_information_list = [] -%}
-{%   set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) -%}
-{% endif -%}
+{% set slave_log_dict = {} %}
+{% if extra_slave_instance_list %}
+{%   set slave_instance_information_list = [] %}
+{%   set slave_instance_list = slave_instance_list + json_module.loads(extra_slave_instance_list) %}
+{% endif %}
 [jinja2-template-base]
 recipe = slapos.recipe.template:jinja2
 extensions = jinja2.ext.do
@@ -26,7 +26,7 @@ context =

 {% do logrotate_dict.pop('recipe') %}
 [logrotate]
-{% for key, value in logrotate_dict.iteritems() -%}
+{% for key, value in logrotate_dict.iteritems() %}
 {{ key }} = {{ value }}
 {% endfor %}

@@ -46,28 +46,28 @@ newcerts = {{ custom_ssl_directory }}/newcerts/
 crl = {{ custom_ssl_directory }}/crl/

 {# Loop thought slave list to set up slaves #}
-{% for slave_instance in slave_instance_list -%}
-{%   set slave_reference = slave_instance.get('slave_reference') -%}
-{%   set slave_type = slave_instance.get('type', '') -%}
-{%   set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference -%}
-{%   set slave_parameter_dict = generic_instance_parameter_dict.copy() -%}
-{%   set slave_publish_dict = {} -%}
+{% for slave_instance in slave_instance_list %}
+{%   set slave_reference = slave_instance.get('slave_reference') %}
+{%   set slave_type = slave_instance.get('type', '') %}
+{%   set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference %}
+{%   set slave_parameter_dict = generic_instance_parameter_dict.copy() %}
+{%   set slave_publish_dict = {} %}
 {%   set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %}
-{%   set slave_logrotate_section = slave_reference + "-logs" -%}
-{%   set slave_password_section = slave_reference + "-password" -%}
-{%   set slave_ln_section = slave_reference + "-ln" -%}
+{%   set slave_logrotate_section = slave_reference + "-logs" %}
+{%   set slave_password_section = slave_reference + "-password" %}
+{%   set slave_ln_section = slave_reference + "-ln" %}

 {#   extend parts #}
-{%   do part_list.extend([slave_ln_section]) -%}
-{%   do part_list.extend([slave_logrotate_section, slave_section_title]) -%}
+{%   do part_list.extend([slave_ln_section]) %}
+{%   do part_list.extend([slave_logrotate_section, slave_section_title]) %}

-{%   set slave_log_folder = logrotate_dict.get('backup') + '/' + slave_reference + "-logs" -%}
+{%   set slave_log_folder = logrotate_dict.get('backup') + '/' + slave_reference + "-logs" %}

 {#   Set Up log files #}
-{%   do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) -%}
-{%   do slave_parameter_dict.__setitem__('error_log', '/'.join([caddy_log_directory, '%s_error_log' % slave_reference])) -%}
-{%   do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) -%}
-{%   do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) -%}
+{%   do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) %}
+{%   do slave_parameter_dict.__setitem__('error_log', '/'.join([caddy_log_directory, '%s_error_log' % slave_reference])) %}
+{%   do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) %}
+{%   do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) %}

 {#   Add slave log directory to the slave log access dict #}
 {%   do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %}
@@ -78,33 +78,33 @@ crl = {{ custom_ssl_directory }}/crl/
 {%   do slave_publish_dict.__setitem__('public-ipv4', public_ipv4) %}

 {# Set slave domain if none was defined #}
-{%   if slave_instance.get('custom_domain', None) == None -%}
-{%     set domain_prefix = slave_instance.get('slave_reference').replace("-", "").replace("_", "").lower() -%}
-{%     if slave_type in NGINX_TYPE_LIST -%}
-{%       do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('nginx-domain', slapparameter_dict.get('domain')))) -%}
-{%     else -%}
-{%       do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) -%}
-{%     endif -%}
-{%   endif -%}
-
-{%   set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') -%}
-{%   if enable_cache and 'url' in slave_instance -%}
-{%     if 'domain' in slave_instance -%}
-{%       do slave_instance.__setitem__('custom_domain', slave_instance.get('domain')) -%}
-{%     endif -%}
-{%     do slave_instance.__setitem__('backend_url', slave_instance.get('url')) -%}
-{%     do slave_instance.__setitem__('https_backend_url', slave_instance.get('https-url', slave_instance.get('url'))) -%}
-{%     do slave_instance.__setitem__('url', cache_access) -%}
-{%     do slave_instance.__setitem__('https-url', ssl_cache_access) -%}
-{%     do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) -%}
-{%   endif -%}
+{%   if slave_instance.get('custom_domain', None) == None %}
+{%     set domain_prefix = slave_instance.get('slave_reference').replace("-", "").replace("_", "").lower() %}
+{%     if slave_type in NGINX_TYPE_LIST %}
+{%       do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('nginx-domain', slapparameter_dict.get('domain')))) %}
+{%     else %}
+{%       do slave_instance.__setitem__('custom_domain', "%s.%s" % (domain_prefix, slapparameter_dict.get('domain'))) %}
+{%     endif %}
+{%   endif %}
+
+{%   set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') %}
+{%   if enable_cache and 'url' in slave_instance %}
+{%     if 'domain' in slave_instance %}
+{%       do slave_instance.__setitem__('custom_domain', slave_instance.get('domain')) %}
+{%     endif %}
+{%     do slave_instance.__setitem__('backend_url', slave_instance.get('url')) %}
+{%     do slave_instance.__setitem__('https_backend_url', slave_instance.get('https-url', slave_instance.get('url'))) %}
+{%     do slave_instance.__setitem__('url', cache_access) %}
+{%     do slave_instance.__setitem__('https-url', ssl_cache_access) %}
+{%     do cached_server_dict.__setitem__(slave_reference, slave_configuration_section_name) %}
+{%   endif %}

 {%   if not slave_instance.has_key('apache_custom_http') and not slave_instance.has_key('apache_custom_https') %}
-{%     do slave_publish_dict.__setitem__('domain', slave_instance.get('custom_domain')) -%}
-{%     do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) -%}
-{%     do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) -%}
-{%     do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) -%}
-{%   endif -%}
+{%     do slave_publish_dict.__setitem__('domain', slave_instance.get('custom_domain')) %}
+{%     do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %}
+{%     do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
+{%     do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
+{%   endif %}

 [slave-log-directory-dict]
 {{slave_reference}} = {{ slave_log_folder }}
@@ -136,13 +136,13 @@ bytes = 8
 {# Set Slave Certificates if needed                   #}

 {# Set ssl certificates for each slave #}
-{%   for cert_name in ('ssl_ca_crt', 'ssl_csr', 'ssl_proxy_ca_crt')-%}
-{%     if cert_name in slave_instance -%}
-{%       set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) -%}
-{%       set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%}
-{%       do part_list.append(cert_title) -%}
-{%       do slave_parameter_dict.__setitem__(cert_name, cert_file) -%}
-{%       do slave_instance.__setitem__('path_to_' + cert_name, cert_file) -%}
+{%   for cert_name in ('ssl_ca_crt', 'ssl_csr', 'ssl_proxy_ca_crt')%}
+{%     if cert_name in slave_instance %}
+{%       set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %}
+{%       set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
+{%       do part_list.append(cert_title) %}
+{%       do slave_parameter_dict.__setitem__(cert_name, cert_file) %}
+{%       do slave_instance.__setitem__('path_to_' + cert_name, cert_file) %}
 {# Store certificates on fs #}
 [{{ cert_title }}]
 < = jinja2-template-base
@@ -153,26 +153,26 @@ extra-context =
 # Store certificate in config
 [{{ cert_title + '-config' }}]
 value = {{ dumps(slave_instance.get(cert_name)) }}
-{%     endif -%}
-{%   endfor -%}
+{%     endif %}
+{%   endfor %}

 {#-   Set Up Certs #}
-{%-   do slave_instance.__setitem__('login_certificate', login_certificate) %}
-{%-   do slave_instance.__setitem__('login_key', login_key) %}
-{%-   do slave_instance.__setitem__('login_ca_crt', login_ca_crt) %}
-{%-   do slave_instance.__setitem__('enable_http2_by_default', enable_http2_by_default) %}
-{%-   do slave_parameter_dict.__setitem__('ssl_crt', login_certificate) %}
-{%-   do slave_parameter_dict.__setitem__('ssl_key', login_key) %}
-{%   if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance -%}
-{%     set cert_title = '%s-crt' % (slave_reference) -%}
-{%     set key_title = '%s-key' % (slave_reference) -%}
-{%     set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) -%}
-{%     set key_file = '/'.join([custom_ssl_directory, key_title.replace('-','.')]) -%}
-{%     do part_list.append(cert_title) -%}
-{%     do slave_parameter_dict.__setitem__("ssl_crt", cert_file) -%}
-{%     do slave_parameter_dict.__setitem__("ssl_key", key_file) -%}
-{%     do slave_instance.__setitem__('path_to_ssl_crt', cert_file) -%}
-{%     do slave_instance.__setitem__('path_to_ssl_key', key_file) -%}
+{%   do slave_instance.__setitem__('login_certificate', login_certificate) %}
+{%   do slave_instance.__setitem__('login_key', login_key) %}
+{%   do slave_instance.__setitem__('login_ca_crt', login_ca_crt) %}
+{%   do slave_instance.__setitem__('enable_http2_by_default', enable_http2_by_default) %}
+{%   do slave_parameter_dict.__setitem__('ssl_crt', login_certificate) %}
+{%   do slave_parameter_dict.__setitem__('ssl_key', login_key) %}
+{%   if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %}
+{%     set cert_title = '%s-crt' % (slave_reference) %}
+{%     set key_title = '%s-key' % (slave_reference) %}
+{%     set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
+{%     set key_file = '/'.join([custom_ssl_directory, key_title.replace('-','.')]) %}
+{%     do part_list.append(cert_title) %}
+{%     do slave_parameter_dict.__setitem__("ssl_crt", cert_file) %}
+{%     do slave_parameter_dict.__setitem__("ssl_key", key_file) %}
+{%     do slave_instance.__setitem__('path_to_ssl_crt', cert_file) %}
+{%     do slave_instance.__setitem__('path_to_ssl_key', key_file) %}

 [{{cert_title}}]
 recipe = slapos.cookbook:certificate_authority.request
@@ -188,17 +188,17 @@ key-file = {{ key_file }}
 cert-file = {{ cert_file }}
 key-content = {{ dumps(slave_instance.get('ssl_key')) }}
 cert-content = {{ dumps(slave_instance.get('ssl_crt')) }} 
-{%     endif -%}
+{%     endif %}

 {# ########################################## #}
 {# Set Slave Configuration                    #}
 [{{ slave_configuration_section_name }}]
-{%     set apache_custom_http = ((slave_instance.pop('apache_custom_http', '')) % slave_parameter_dict) -%}
-{%     set apache_custom_https = ((slave_instance.pop('apache_custom_https', '')) % slave_parameter_dict) -%}
+{%     set apache_custom_http = ((slave_instance.pop('apache_custom_http', '')) % slave_parameter_dict) %}
+{%     set apache_custom_https = ((slave_instance.pop('apache_custom_https', '')) % slave_parameter_dict) %}
 apache_custom_http = {{ dumps(apache_custom_http) }}
 apache_custom_https = {{ dumps(apache_custom_https) }}
 {{ '\n' }}
-{%     for key, value in slave_instance.iteritems() -%}
+{%     for key, value in slave_instance.iteritems() %}
 {{ key }} = {{ dumps(value) }}
 {%     endfor %}

@@ -232,16 +232,16 @@ extra-context =
 {{ '\n' }}


-{%   set check_error_log_section_title = 'check-%s-error-log-last-hour' % slave_instance.get('slave_reference') -%}
-{%   do part_list.append(check_error_log_section_title) -%}
+{%   set check_error_log_section_title = 'check-%s-error-log-last-hour' % slave_instance.get('slave_reference') %}
+{%   do part_list.append(check_error_log_section_title) %}
 [{{ check_error_log_section_title }}]
 recipe = slapos.cookbook:wrapper
 command-line = {{ bin_directory }}/check-error-on-apache-log -l {{ slave_instance.get('error_log') }} -d 3600
 filename = {{ check_error_log_section_title }}
 wrapper-path = {{ promise_directory }}/${:filename}

-{%   set check_error_log_section_title = 'check-%s-error-log-last-day' % slave_instance.get('slave_reference') -%}
-{%   do part_list.append(check_error_log_section_title) -%}
+{%   set check_error_log_section_title = 'check-%s-error-log-last-day' % slave_instance.get('slave_reference') %}
+{%   do part_list.append(check_error_log_section_title) %}
 [{{ check_error_log_section_title }}]
 recipe = slapos.cookbook:wrapper
 command-line = {{ bin_directory }}/check-error-on-apache-log -l {{ slave_instance.get('error_log') }} -d 86400
@@ -251,7 +251,7 @@ wrapper-path = {{ promise_directory }}/${:filename}
 {%   set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %}
 {%   if monitor_ipv6_test %}
 {%     set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %}
-{%     do part_list.append(monitor_ipv6_section_title) -%}
+{%     do part_list.append(monitor_ipv6_section_title) %}
 [{{ monitor_ipv6_section_title }}]
 recipe = slapos.cookbook:wrapper
 command-line = {{ bin_directory }}/is-icmp-packet-lost -a {{monitor_ipv6_test}} 
@@ -262,7 +262,7 @@ wrapper-path = {{ promise_directory }}/${:filename}
 {%   set monitor_ipv4_test = slave_instance.get('monitor-ipv4-test', '') %}
 {%   if monitor_ipv4_test %}
 {%     set monitor_ipv4_section_title = 'check-%s-ipv4-packet-list-test' % slave_instance.get('slave_reference') %}
-{%     do part_list.append(monitor_ipv4_section_title) -%}
+{%     do part_list.append(monitor_ipv4_section_title) %}
 [{{ monitor_ipv4_section_title }}]
 recipe = slapos.cookbook:wrapper
 command-line = {{ bin_directory }}/is-icmp-packet-lost -4 -a {{monitor_ipv4_test}}
@@ -274,7 +274,7 @@ wrapper-path = {{ promise_directory }}/${:filename}
 {%   if re6st_optimal_test %}
 {%     set re6st_ipv6, re6st_ipv4 = re6st_optimal_test.split(",") %}
 {%     set re6st_optimal_test_section_title = 'check-%s-re6st-optimal-test' % slave_instance.get('slave_reference') %}
-{%     do part_list.append(re6st_optimal_test_section_title) -%}
+{%     do part_list.append(re6st_optimal_test_section_title) %}
 [{{ re6st_optimal_test_section_title }}]
 recipe = slapos.cookbook:wrapper
 command-line = {{ bin_directory }}/check-re6st-optimal-status -4 {{re6st_ipv4}} -6 {{re6st_ipv6}}
@@ -285,27 +285,27 @@ wrapper-path = {{ promise_directory }}/${:filename}

 {# ###############################  #}
 {# Publish Slave Information        #}
-{%   if not extra_slave_instance_list -%}
-{%     set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') -%}
-{%     do part_list.append(publish_section_title) -%}
+{%   if not extra_slave_instance_list %}
+{%     set publish_section_title = 'publish-%s-connection-information' % slave_instance.get('slave_reference') %}
+{%     do part_list.append(publish_section_title) %}
 [{{ publish_section_title }}]
 recipe = slapos.cookbook:publish
 {%     for key, value in slave_publish_dict.iteritems() %}
 {{ key }} = {{ value }}
 {%     endfor %}
-{%   else -%}
-{%     do slave_instance_information_list.append(slave_publish_dict) -%}
-{%   endif -%}
+{%   else %}
+{%     do slave_instance_information_list.append(slave_publish_dict) %}
+{%   endif %}

 {# End of the main for loop#}
-{% endfor -%}
+{% endfor %}

 ###############################################
 ### Prepare virtualhost for slaves using cache

 {% for slave_reference, slave_configuration_section_name in cached_server_dict.iteritems() %}
 {%   set cached_slave_configuration_section_title = '%s-cached-virtualhost' % slave_reference %}
-{%   do part_list.append(cached_slave_configuration_section_title) -%}
+{%   do part_list.append(cached_slave_configuration_section_title) %}
 [{{ cached_slave_configuration_section_title }}]
 < = jinja2-template-base
 template = {{ template_cached_slave_configuration }}
@@ -387,15 +387,15 @@ extra-context =
 recipe = slapos.cookbook:publish
 public-ipv4 = {{ public_ipv4 }}
 private-ipv4 = {{ local_ipv4 }}
-{% if extra_slave_instance_list -%}
+{% if extra_slave_instance_list %}
 slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list) }}
-{% endif -%}
+{% endif %}
 monitor-base-url = {{ monitor_base_url }}

 [buildout]
 parts +=
    slave-log-directories
-{% for part in part_list -%}
+{% for part in part_list %}
 {{ '    %s' % part }}
 {% endfor %}
    publish-caddy-information
@@ -412,4 +412,4 @@ develop-eggs-directory = {{ develop_eggs_directory }}
 offline = true
 cache-access = {{ cache_access }}

-{% endif -%}
+{% endif %}
--- a/software/caddy-frontend/templates/cached-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/cached-virtualhost.conf.in
-{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
+{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
 {% set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
-{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
-{%- set host_list = [slave_parameter.get('custom_domain')] + server_alias_list -%}
-{%- set http_backend_host_list = [] %}
-{%- set https_backend_host_list = [] %}
-{%- for host in host_list %}
-{%-   do http_backend_host_list.append('http://%s:%s' % (host, cached_port)) %}
-{%-   do https_backend_host_list.append('http://%s:%s' % (host, ssl_cached_port)) %}
-{%- endfor %}
+{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES %}
+{% set host_list = [slave_parameter.get('custom_domain')] + server_alias_list %}
+{% set http_backend_host_list = [] %}
+{% set https_backend_host_list = [] %}
+{% for host in host_list %}
+{%   do http_backend_host_list.append('http://%s:%s' % (host, cached_port)) %}
+{%   do https_backend_host_list.append('http://%s:%s' % (host, ssl_cached_port)) %}
+{% endfor %}

 # Only accept generic (i.e not Zope) backends on http
 {{ http_backend_host_list|join(', ') }} {
  bind {{ local_ipv4 }}
-{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
+{% if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
    status 501 /
-{%- endif %}
+{% endif %}
 # Rewrite part
  proxy / {{ slave_parameter.get('backend_url', '') }} {
    # As backend is trusting REMOTE_USER header unset it always
@@ -22,34 +22,34 @@

    transparent
    timeout 600s
-{%- if ssl_proxy_verify %}
-{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
+{% if ssl_proxy_verify %}
+{%   if 'ssl_proxy_ca_crt' in slave_parameter %}
 # TODO-Caddy   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
 #              Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
-{%-   endif %}
-{%- else %}
+{%   endif %}
+{% else %}
    insecure_skip_verify
-{%- endif %}
+{% endif %}
  }
 }

 {{ https_backend_host_list|join(', ') }} {
  bind {{ local_ipv4 }}
-{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
+{% if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
    status 501 /
-{%- endif %}
+{% endif %}
  proxy / {{ slave_parameter.get('https_backend_url', '') }} {
    # As backend is trusting REMOTE_USER header unset it always
    header_upstream -REMOTE_USER
    transparent
    timeout 600s
-{%- if ssl_proxy_verify %}
-{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
+{% if ssl_proxy_verify %}
+{%   if 'ssl_proxy_ca_crt' in slave_parameter %}
 # TODO-Caddy   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
 #              Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
-{%-   endif %}
-{%- else %}
+{%   endif %}
+{% else %}
    insecure_skip_verify
-{%- endif %}
+{% endif %}
  }
 }
--- a/software/caddy-frontend/templates/default-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/default-virtualhost.conf.in
-{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
-{%- set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES -%}
-{%- set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES -%}
-{%- set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES -%}
-{%- set server_alias_list =  slave_parameter.get('server-alias', '').split() -%}
-{%- set enable_h2 = ('' ~ slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default'])).lower() in TRUE_VALUES -%}
-{%- set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
-{%- set disabled_cookie_list =  slave_parameter.get('disabled-cookie-list', '').split() -%}
-{%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES -%}
-{%- set slave_type = slave_parameter.get('type', '') -%}
-{%- set host_list = [slave_parameter.get('custom_domain')] + server_alias_list -%}
-{%- set backend_url = slave_parameter.get('https-url', slave_parameter.get('url', '')) %}
-{%- set http_host_list = [] %}
-{%- set https_host_list = [] %}
-{%- for host in host_list %}
-{%-   do http_host_list.append('http://%s:%s' % (host, http_port)) %}
-{%-   do https_host_list.append('https://%s:%s' % (host, https_port)) %}
-{%- endfor %}
+{% set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
+{% set disable_no_cache_header = ('' ~ slave_parameter.get('disable-no-cache-request', '')).lower() in TRUE_VALUES %}
+{% set disable_via_header = ('' ~ slave_parameter.get('disable-via-header', '')).lower() in TRUE_VALUES %}
+{% set prefer_gzip = ('' ~ slave_parameter.get('prefer-gzip-encoding-to-backend', '')).lower() in TRUE_VALUES %}
+{% set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
+{% set enable_h2 = ('' ~ slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default'])).lower() in TRUE_VALUES %}
+{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES %}
+{% set disabled_cookie_list =  slave_parameter.get('disabled-cookie-list', '').split() %}
+{% set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES %}
+{% set slave_type = slave_parameter.get('type', '') %}
+{% set host_list = [slave_parameter.get('custom_domain')] + server_alias_list %}
+{% set backend_url = slave_parameter.get('https-url', slave_parameter.get('url', '')) %}
+{% set http_host_list = [] %}
+{% set https_host_list = [] %}
+{% for host in host_list %}
+{%   do http_host_list.append('http://%s:%s' % (host, http_port)) %}
+{%   do https_host_list.append('https://%s:%s' % (host, https_port)) %}
+{% endfor %}
 {{ https_host_list|join(', ') }} {
  bind {{ local_ipv4 }}
-{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
+{% if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
    status 501 /
-{%- endif %}
+{% endif %}
  tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} {
-{%- if slave_parameter.get('path_to_ssl_ca_crt') %}
+{% if slave_parameter.get('path_to_ssl_ca_crt') %}
    clients {{ slave_parameter.get('path_to_ssl_ca_crt') }}
-{%- endif %}
-{%- if enable_h2 %}
+{% endif %}
+{% if enable_h2 %}
    alpn h2 http/1.1
-{%- else %}
+{% else %}
    alpn http/1.1
-{%- endif %}
+{% endif %}
  }
  log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
  errors {{ slave_parameter.get('error_log') }}
@@ -38,11 +38,11 @@
 # TODO-Caddy   SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:HIGH:!aNULL:!MD5
 # TODO-Caddy   SSLHonorCipherOrder on

-{%- for disabled_cookie in disabled_cookie_list %}
+{% for disabled_cookie in disabled_cookie_list %}
 # TODO-Caddy {{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
-{% endfor -%}
+{% endfor %}

-{%- if prefer_gzip %}
+{% if prefer_gzip %}
 # TODO-Caddy   RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
 {% endif %}

@@ -53,29 +53,29 @@

 {% if disable_via_header %}
    header_downstream -Via
-{% endif -%}
+{% endif %}

 {% if disable_no_cache_header %}
    header_upstream -Cache-Control
    header_upstream -Pragma
-{% endif -%}
+{% endif %}
    transparent
    timeout 600s
-{%- if ssl_proxy_verify %}
-{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
+{% if ssl_proxy_verify %}
+{%   if 'ssl_proxy_ca_crt' in slave_parameter %}
 # TODO-Caddy   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
 #              Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
-{%-   endif %}
-{%- else %}
+{%   endif %}
+{% else %}
    insecure_skip_verify
-{%- endif %}
+{% endif %}
  }
  {% if 'default-path' in slave_parameter %}
  redir 301 {
    if {path} is /
    / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
  }
-  {% endif -%}
+  {% endif %}
  rewrite {
    regexp (.*)
    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
@@ -84,14 +84,14 @@
  redir 302 {
    /  {{ backend_url }}{uri}
  }
-{% else -%}
+{% else %}
  {% if 'default-path' in slave_parameter %}
  redir 301 {
    if {path} is /
    / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
  }
-  {% endif -%}
-  {%- if backend_url %}
+  {% endif %}
+  {% if backend_url %}

  proxy / {{ backend_url }} {
    # As backend is trusting REMOTE_USER header unset it always
@@ -99,45 +99,45 @@

 {% if disable_via_header %}
    header_downstream -Via
-{% endif -%}
+{% endif %}

 {% if disable_no_cache_header %}
    header_upstream -Cache-Control
    header_upstream -Pragma
-{% endif -%}
+{% endif %}
    transparent
    timeout 600s
-{%- if ssl_proxy_verify %}
-{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
+{% if ssl_proxy_verify %}
+{%   if 'ssl_proxy_ca_crt' in slave_parameter %}
 # TODO-Caddy   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
 #              Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
-{%-   endif %}
-{%- else %}
+{%   endif %}
+{% else %}
    insecure_skip_verify
-{%- endif %}
+{% endif %}
  }
-  {%-   endif %}
-{% endif -%}
+  {%   endif %}
+{% endif %}
 }

 {{ http_host_list|join(', ') }} {
  bind {{ local_ipv4 }}
-{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
+{% if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
    status 501 /
-{%- endif %}
+{% endif %}

  log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
  errors {{ slave_parameter.get('error_log') }}

-{%- for disabled_cookie in disabled_cookie_list %}
+{% for disabled_cookie in disabled_cookie_list %}
 # TODO-Caddy {{'  RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie)  }}
-{% endfor -%}
+{% endfor %}

-{%- if prefer_gzip %}
+{% if prefer_gzip %}
 # TODO-Caddy   RequestHeader edit Accept-Encoding "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" "gzip"
 {% endif %}

-{%- if https_only %}
+{% if https_only %}
  redir / https://{host}{uri}
 {% elif slave_type ==  'redirect' and slave_parameter.get('url', '') %}
  redir 302 {
@@ -150,66 +150,66 @@

 {% if disable_via_header %}
    header_downstream -Via
-{% endif -%}
+{% endif %}

 {% if disable_no_cache_header %}
    header_upstream -Cache-Control
    header_upstream -Pragma
-{% endif -%}
+{% endif %}
    transparent
    timeout 600s
-{%- if ssl_proxy_verify %}
-{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
+{% if ssl_proxy_verify %}
+{%   if 'ssl_proxy_ca_crt' in slave_parameter %}
 # TODO-Caddy   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
 #              Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
-{%-   endif %}
-{%- else %}
+{%   endif %}
+{% else %}
    insecure_skip_verify
-{%- endif %}
+{% endif %}
  }
  {% if 'default-path' in slave_parameter %}
  redir 301 {
    if {path} is /
    / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
  }
-  {% endif -%}
+  {% endif %}
  rewrite {
    regexp (.*)
    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
  }
-{% else -%}
+{% else %}
  {% if 'default-path' in slave_parameter %}
  redir 301 {
    if {path} is /
    / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
  }
-  {% endif -%}
-  {%- if slave_parameter.get('url', '') %}
+  {% endif %}
+  {% if slave_parameter.get('url', '') %}
  proxy / {{ slave_parameter.get('url', '') }} {
    # As backend is trusting REMOTE_USER header unset it always
    header_upstream -REMOTE_USER

 {% if disable_via_header %}
    header_downstream -Via
-{% endif -%}
+{% endif %}

 {% if disable_no_cache_header %}
    header_upstream -Cache-Control
    header_upstream -Pragma
-{% endif -%}
+{% endif %}
    transparent
    timeout 600s
-{%- if ssl_proxy_verify %}
-{%-   if 'ssl_proxy_ca_crt' in slave_parameter %}
+{% if ssl_proxy_verify %}
+{%   if 'ssl_proxy_ca_crt' in slave_parameter %}
 # TODO-Caddy   SSLProxyCACertificateFile {{ slave_parameter.get('path_to_ssl_proxy_ca_crt', '') }}
 #              Requires https://github.com/mholt/caddy/issues/1550 or "just adding your CA to the system's trust store"
-{%-   endif %}
-{%- else %}
+{%   endif %}
+{% else %}
    insecure_skip_verify
-{%- endif %}
+{% endif %}
  }
-{% endif -%}
-{% endif -%}
+{% endif %}
+{% endif %}
  # If nothing exist : put a nice error
 #  ErrorDocument 404 /notfound.html
 # Dadiboom

--- a/software/caddy-frontend/templates/nginx-eventsource-slave.conf.in
+++ b/software/caddy-frontend/templates/nginx-eventsource-slave.conf.in
-{% set url = slave_parameter.get('url') -%}
-{% set https_url = slave_parameter.get('https-url', url) -%}
-{% if url.startswith("http://") or url.startswith("https://") -%}
-{%   set upstream = url.split("/")[2] -%}
-{%   set https_upstream = https_url.split("/")[2] -%}
-{%   set protocol = url.split("/")[0] -%}
-{%   set https_protocol = https_url.split("/")[0] -%}
-{%   set proxy_pass = '%s//%s' % (protocol, slave_parameter.get('slave_reference')) -%}
-{%   set https_proxy_pass = '%s//https_%s' % (protocol, slave_parameter.get('slave_reference')) -%}
-{%- set ssl_configuration_list = [('ssl_certificate', 'path_to_ssl_crt'),
-                                 ('ssl_certificate_key', 'path_to_ssl_key')] -%}
+{% set url = slave_parameter.get('url') %}
+{% set https_url = slave_parameter.get('https-url', url) %}
+{% if url.startswith("http://") or url.startswith("https://") %}
+{%   set upstream = url.split("/")[2] %}
+{%   set https_upstream = https_url.split("/")[2] %}
+{%   set protocol = url.split("/")[0] %}
+{%   set https_protocol = https_url.split("/")[0] %}
+{%   set proxy_pass = '%s//%s' % (protocol, slave_parameter.get('slave_reference')) %}
+{%   set https_proxy_pass = '%s//https_%s' % (protocol, slave_parameter.get('slave_reference')) %}
+{% set ssl_configuration_list = [('ssl_certificate', 'path_to_ssl_crt'),
+                                 ('ssl_certificate_key', 'path_to_ssl_key')] %}


 # TODO-Caddy upstream {{ slave_parameter.get('slave_reference') }} {
@@ -75,10 +75,10 @@
 # TODO-Caddy  ssl_prefer_server_ciphers on;
 # TODO-Caddy  ssl_session_cache shared:SSL:10m;

-{% for key, value in ssl_configuration_list -%}
-{%   if value in slave_parameter -%}
+{% for key, value in ssl_configuration_list %}
+{%   if value in slave_parameter %}
 # TODO-Caddy {{ '  %s' % key }} {{ slave_parameter.get(value) }};
-{% endif -%}
+{% endif %}
 {% endfor %}

 # TODO-Caddy  location /pub {
@@ -110,4 +110,4 @@
 # TODO-Caddy     default_type "text/event-stream; charset=utf-8";
 # TODO-Caddy  }
 # TODO-Caddy}
-{% endif -%}
+{% endif %}
--- a/software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in
+++ b/software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in
-{% set part_list = [] -%}
-{% set slave_information_dict = {} -%}
+{% set part_list = [] %}
+{% set slave_information_dict = {} %}

 # regroup slave information from all frontends
-{%- for frontend, slave_list_raw in slave_information.iteritems() -%}
+{% for frontend, slave_list_raw in slave_information.iteritems() %}
 {%   if slave_list_raw %}
-{%     set slave_list = json_module.loads(slave_list_raw) -%}
+{%     set slave_list = json_module.loads(slave_list_raw) %}
 {%   else %}
 {%    set slave_list = [] %}
 {%   endif %}
-{%   for slave_dict in slave_list -%}
+{%   for slave_dict in slave_list %}
 {%     set slave_reference = slave_dict.pop('slave-reference') %}
 {%     set log_access_url = slave_dict.pop('log-access', '') %}
 {%     set current_slave_dict = slave_information_dict.get(slave_reference, {}) %}
-{%     do current_slave_dict.update(slave_dict) -%}
+{%     do current_slave_dict.update(slave_dict) %}
 {%     set log_access_list = current_slave_dict.get('log-access-urls', []) %}
 {%     do log_access_list.append( frontend + ': ' + log_access_url) %}
 {%     do current_slave_dict.__setitem__(
@@ -22,22 +22,22 @@
 {%     do current_slave_dict.__setitem__(
            'replication_number',
            current_slave_dict.get('replication_number', 0) + 1
-            ) -%}
-{%     do slave_information_dict.__setitem__(slave_reference, current_slave_dict) -%}
-{%   endfor -%}
+            ) %}
+{%     do slave_information_dict.__setitem__(slave_reference, current_slave_dict) %}
+{%   endfor %}
 {% endfor %}

 # Publish information for each slave
 {% for slave_reference, slave_information in slave_information_dict.iteritems() %}
-{%   set publish_section_title = 'publish-%s' % slave_reference -%}
-{%   do part_list.append(publish_section_title) -%}
+{%   set publish_section_title = 'publish-%s' % slave_reference %}
+{%   do part_list.append(publish_section_title) %}
 [{{ publish_section_title }}]
 recipe = slapos.cookbook:publish
 -slave-reference = {{ slave_reference }}
 log-access-url = {{ json_module.dumps(slave_information.pop('log-access-urls', 1000)) }}
-{%   for key, value in slave_information.iteritems() -%}
+{%   for key, value in slave_information.iteritems() %}
 {{ key }} = {{ value }}
-{%   endfor -%}
+{%   endfor %}
 {% endfor %}

 [buildout]