Commit 54e67543 authored by Łukasz Nowak's avatar Łukasz Nowak

software/rapid-cdn: Clean up in cluster parameters

Change how defaults are handled in the cluster:

 * master instance handles all defaults for all nodes
   * it is the one place with all defaults
   * depending on parameter style default is global for the cluster or can be
     specified per node with -frontend-config-<i>-parameter
 * kedifa and frontend nodes need everything to be passed, in order to
   simplify the request
 * configuration. defaults are dropped, as their scope is too large - they are
   not only defaulting the value on the master, but on each requested node
   which leads to extreme complexity of parameter passing
 * use extra_slave_instance_list only, as instance-slave-list is a reserved
   parameter provided by slapos.cookbook:slapconfiguration, sent by SlapOS
   Master as slave_instance_list to the master partition; enforce
   transmission of the slave list in extra_slave_instance_list and consider
   it always present
 * useless replication_number return value is dropped
parent 9bf0ae40
......@@ -14,7 +14,7 @@
# not need these here).
[template]
filename = instance.cfg.in
md5sum = 0fa7eddb6d4574e1299b967765691e15
md5sum = a7d4304064abb7bbac413aa4f90bd6b9
[profile-common]
filename = instance-common.cfg.in
......@@ -22,23 +22,23 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-frontend]
filename = instance-frontend.cfg.in
md5sum = e293575e125a1219ab640a9479dfd85f
md5sum = 86969db87ec9bbbaf5ab62206c325521
[profile-master]
filename = instance-master.cfg.in
md5sum = b225c7776cb4345f2b348b92d062bc1b
md5sum = db613696269d853bd8eda3c7c9a86c00
[profile-slave-list]
filename = instance-slave-list.cfg.in
md5sum = 546584898970e603ac20d576e22dec88
md5sum = 2339dbbdb2f7768ca8950f1f2b61ed39
[profile-master-publish-slave-information]
filename = instance-master-publish-slave-information.cfg.in
md5sum = cba4d995962f7fbeae3f61c9372c4181
md5sum = 83e62c4970892aac98d26fc77602ea5e
[template-frontend-haproxy-configuration]
_update_hash_filename_ = templates/frontend-haproxy.cfg.in
md5sum = 545a0ff2f2dfaeb4342232398d8c8ebe
md5sum = c90e0d9a1bd776e34af984b90cc2ff6c
[template-frontend-haproxy-crt-list]
_update_hash_filename_ = templates/frontend-haproxy-crt-list.in
......@@ -50,7 +50,7 @@ md5sum = d56e2cfab274cbbbe5b387f2f6e417df
[template-backend-haproxy-configuration]
_update_hash_filename_ = templates/backend-haproxy.cfg.in
md5sum = 629f4cc34dd7512eb61f10eac4e62d7a
md5sum = eb6c795b59daa81f12549d2f4c569838
[template-empty]
_update_hash_filename_ = templates/empty.in
......@@ -62,11 +62,11 @@ md5sum = 975177dedf677d24e14cede5d13187ce
[template-trafficserver-records-config]
_update_hash_filename_ = templates/trafficserver/records.config.jinja2
md5sum = 715baa302d562a7e4eddc3d1bf72f981
md5sum = 4d980dbf70413c1758dda72c12c02246
[template-trafficserver-storage-config]
_update_hash_filename_ = templates/trafficserver/storage.config.jinja2
md5sum = d022455a8610bac2dd51101edb035987
md5sum = a45d35e4b847642fda8c2703dff92fcc
[template-trafficserver-logging-yaml]
_update_hash_filename_ = templates/trafficserver/logging.yaml.jinja2
......@@ -102,7 +102,7 @@ md5sum = e82ccdb0b26552a1c88ff523d8fae24a
[profile-kedifa]
filename = instance-kedifa.cfg.in
md5sum = b9f1210005bcfff01235255f43d0b088
md5sum = ea0cdc8349ec957094bfa341ecbe2321
[template-frontend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/frontend-haproxy-rsyslogd.conf.in
......@@ -119,3 +119,11 @@ md5sum = b79addf01b6fb93c2f3d018e83eff766
[template-expose-csr-nginx-conf]
_update_hash_filename_ = templates/expose-csr-nginx.conf.in
md5sum = 5620baa8819fcc8340fa6777ee551a1a
[instance-slave-input-schema]
filename = instance-slave-input-schema.json
md5sum = f7262223975640d7200bdf9e99dd79e4
[instance-input-schema]
filename = instance-input-schema.json
md5sum = 6b547e0ec8e207ce70a4d46388acafac
{% import "caucase" as caucase with context %}
{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
{%- set HTTP3_PORT = instance_parameter_dict.get('configuration.http3-port', '443') %}
{%- if instance_parameter_dict.get('configuration.enable-http3', 'false').lower() in TRUE_VALUES %}
{%- set FRONTEND_HTTP3 = True %}
{%- else %}
{%- set FRONTEND_HTTP3 = False %}
{%- endif %}
{%- set HTTP3_PORT = instance_parameter_dict['configuration']['http3-port'] %}
{%- set FRONTEND_HTTP3 = instance_parameter_dict['configuration']['enable-http3'] %}
{%- if FRONTEND_HTTP3 %}
{%- set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %}
{%- else %}
......@@ -236,7 +231,7 @@ command =
-new -newkey rsa:2048 -sha256 \
-nodes -x509 -days 36500 \
-keyout ${:certificate} \
-subj "/CN=Fallback certificate/OU={{ instance_parameter_dict['configuration.frontend-name'] }}" \
-subj "/CN=Fallback certificate/OU={{ instance_parameter_dict['configuration']['frontend-name'] }}" \
-out ${:certificate}'
[jinja2-template-base]
......@@ -328,7 +323,7 @@ crl = ${:d}/crl.pem
[backend-client-login-csr]
recipe = plone.recipe.command
organization = {{ instance_parameter_dict['configuration']['cluster-identification'] }}
organizational_unit = {{ instance_parameter_dict['configuration.frontend-name'] }}
organizational_unit = {{ instance_parameter_dict['configuration']['frontend-name'] }}
command =
{% if instance_parameter_dict['configuration']['backend-client-caucase-url'] %}
if [ ! -f ${:template-csr} ] && [ ! -f ${:key} ] ; then
......@@ -366,15 +361,17 @@ filename = instance-slave-list.cfg
master_key_download_url = {{ dumps(instance_parameter_dict['configuration']['master-key-download-url']) }}
software_type = single-custom-personal
organization = {{ instance_parameter_dict['configuration']['cluster-identification'] }}
organizational-unit = {{ instance_parameter_dict['configuration.frontend-name'] }}
organizational-unit = {{ instance_parameter_dict['configuration']['frontend-name'] }}
backend-client-caucase-url = {{ instance_parameter_dict['configuration']['backend-client-caucase-url'] }}
url-ready-file = ${directory:var}/url-ready.txt
http3-enable = {{ FRONTEND_HTTP3 }}
http3-enable = {{ dumps(FRONTEND_HTTP3) }}
SLAVE_DEFAULTS = {{ dumps(SLAVE_DEFAULTS) }}
extra-context =
key backend_client_caucase_url :backend-client-caucase-url
import furl_module furl
import urllib_module urllib
import operator_module operator
key SLAVE_DEFAULTS :SLAVE_DEFAULTS
key master_key_download_url :master_key_download_url
key url_ready_file :url-ready-file
key expose_csr_organization :organization
......@@ -484,8 +481,8 @@ slave-introspection-graceful-command = ${slave-introspection-validate:output} &&
local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
version-hash = ${version-hash:value}
node-id = ${frontend-node-id:value}
http3-enable = {{ FRONTEND_HTTP3 }}
http3-port = {{ HTTP3_PORT }}
http3-enable = {{ dumps(FRONTEND_HTTP3) }}
http3-port = {{ dumps(HTTP3_PORT) }}
# BBB: SlapOS Master non-zero knowledge BEGIN
[get-self-signed-fallback-access]
......@@ -817,7 +814,7 @@ statistic-certificate = ${self-signed-ip-access:certificate}
statistic-port = ${configuration:backend-haproxy-statistic-port}
statistic-username = ${monitor-instance-parameter:username}
statistic-password = ${monitor-htpasswd:passwd}
statistic-identification = {{ instance_parameter_dict['configuration.frontend-name'] + ' @ ' + instance_parameter_dict['configuration']['cluster-identification'] }}
statistic-identification = {{ instance_parameter_dict['configuration']['frontend-name'] + ' @ ' + instance_parameter_dict['configuration']['cluster-identification'] }}
statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connection-secure_access}
version-hash = ${version-hash:value}
node-id = ${frontend-node-id:value}
......@@ -959,8 +956,8 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
# Note: Workaround for monitor stack, which uses monitor-httpd-port parameter
# directly, and in our case it can come from the network, thus resulting
# with need to strip !py!'u'
monitor-httpd-port = {{ instance_parameter_dict['configuration.monitor-httpd-port'] | int }}
password = {{ instance_parameter_dict['configuration.monitor-password'] | string }}
monitor-httpd-port = {{ instance_parameter_dict['configuration']['monitor-httpd-port'] | int }}
password = {{ instance_parameter_dict['configuration']['monitor-password'] | string }}
[monitor-conf-parameters]
private-path-list +=
......@@ -1000,20 +997,20 @@ config-url = ${configuration:re6st-verification-url}
[slave-introspection-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Slave Introspection Frontend {{ instance_parameter_dict['configuration.frontend-name'] }}
name = Slave Introspection Frontend {{ instance_parameter_dict['configuration']['frontend-name'] }}
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
shared = true
config-url = https://[${slap-configuration:ipv6-random}]:{{ instance_parameter_dict['configuration.slave-introspection-https-port'] }}/
config-url = https://[${slap-configuration:ipv6-random}]:{{ instance_parameter_dict['configuration']['slave-introspection-https-port'] }}/
config-https-only = true
return = secure_access
[backend-haproxy-statistic-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Backend Haproxy Statistic Frontend {{ instance_parameter_dict['configuration.frontend-name'] }}
name = Backend Haproxy Statistic Frontend {{ instance_parameter_dict['configuration']['frontend-name'] }}
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
shared = true
config-url = https://[${slap-configuration:ipv6-random}]:{{ instance_parameter_dict['configuration.backend-haproxy-statistic-port'] }}/
config-url = https://[${slap-configuration:ipv6-random}]:{{ instance_parameter_dict['configuration']['backend-haproxy-statistic-port'] }}/
config-https-only = true
return = domain secure_access
......@@ -1124,10 +1121,8 @@ config-filename = ${logrotate-setup-validate:state-file}
config-state = empty
[configuration]
{%- for key, value in instance_parameter_dict.items() -%}
{%- if key.startswith('configuration.') %}
{{ key.replace('configuration.', '') }} = {{ dumps(value) }}
{%- endif -%}
{% for key, value in instance_parameter_dict['configuration'].items() %}
{{ key }} = {{ dumps(value) }}
{%- endfor %}
[instance-parameter-section]
......@@ -1135,7 +1130,7 @@ config-state = empty
{#- XXX: Some other approach would be useful #}
{%- set DROP_KEY_LIST = ['recipe', '__buildout_signature__', 'computer', 'partition', 'url', 'key', 'cert'] %}
{%- for key, value in instance_parameter_dict.items() -%}
{%- if not key.startswith('configuration.') and key not in DROP_KEY_LIST %}
{%- if not key.startswith('configuration') and key not in DROP_KEY_LIST %}
{{ key }} = {{ dumps(value) }}
{%- endif -%}
{%- endfor %}
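Review bot: In the `[instance-parameter-section]` loop, `key.startswith('configuration')` is now a prefix test on a bare word, so any top-level key whose name merely begins with `configuration` is silently dropped, not only the nested dict. The nested values now live under the single key `configuration`, so an exact comparison states the intent: `{%- if key != 'configuration' and key not in DROP_KEY_LIST %}`. Separately, `frontend-name` is still interpolated unescaped into the double-quoted `-subj` argument of the fallback-certificate command, which appears to run through a shell; if a requester can influence that name, it should be validated upstream or shell-quoted. Both the loop's section and the certificate command start outside the hunks shown.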
......
......@@ -4,25 +4,29 @@
"-frontend-quantity": {
"description": "Quantity of Frontends Replicate.",
"title": "Frontend Replication Quantity",
"type": "integer"
"type": "integer",
"default": 1
},
"apache-certificate": {
"description": "SSL Certificate used by the server. By appending to it CA certificate it is possible to use this field to replace not implemented apache-ca-certificate. Deprecated, please use master-key-upload-url.",
"textarea": true,
"title": "[DEPRECATED] SSL Certificate, with optional CA certificate",
"type": "string"
"type": "string",
"default": ""
},
"apache-key": {
"description": "SSL Key used by the server. Deprecated, please use master-key-upload-url.",
"textarea": true,
"title": "[DEPRECATED] SSL Key",
"type": "string"
"type": "string",
"default": ""
},
"domain": {
"description": "Domain used to generate automatic hostnames for slaves. For example 'example.com' will result with slave hostname 'slaveref.example.com'.",
"format": "idn-hostname",
"title": "Domain",
"type": "string"
"type": "string",
"default": "example.org"
},
"enable-http2-by-default": {
"default": "true",
......@@ -119,6 +123,16 @@
"title": "Default size of disk cache on each node (bytes)",
"description": "The value can be provided with suffix 'K', 'M', 'G'",
"type": "string"
},
"plain_http_port": {
"default": 8080,
"title": "Port to which frontend node shall bind to serve HTTP traffic",
"type": "integer"
},
"port": {
"default": 4443,
"title": "Port to which frontend node shall bind to serve HTTPS (and HTTP/3) traffic",
"type": "integer"
}
},
"title": "Input Parameters",
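Review bot: The new `plain_http_port` and `port` properties accept any integer, because neither carries `minimum`/`maximum`. A value outside 1–65535 therefore passes the schema and would presumably only fail later, when the frontend node tries to bind. Adding `"minimum": 1, "maximum": 65535` to both would reject bad input at request time, and a `description` would match the neighbouring properties. The `domain` default of `example.org` added in the first hunk would also benefit from a description line saying it is a placeholder, since generated slave hostnames use it when nothing is set.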
......
......@@ -25,14 +25,14 @@ parts =
# Note: Workaround for monitor stack, which uses monitor-httpd-port parameter
# directly, and in our case it can come from the network, thus resulting
# with need to strip !py!'u'
monitor-httpd-port = {{ instance_parameter_dict['configuration.monitor-httpd-port'] | int }}
password = {{ instance_parameter_dict['configuration.monitor-password'] | string }}
monitor-httpd-port = {{ instance_parameter_dict['configuration']['monitor-httpd-port'] | int }}
password = {{ instance_parameter_dict['configuration']['monitor-password'] | string }}
[caucased]
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
{% set caucase_host = '[' ~ instance_parameter_dict['ipv6-random'] ~ ']' %}
{% set caucase_netloc = caucase_host ~ ':' ~ instance_parameter_dict['configuration.caucase_port'] -%}
{% set caucase_netloc = caucase_host ~ ':' ~ instance_parameter_dict['configuration']['caucase_port'] -%}
{% set caucase_url = 'http://' ~ caucase_netloc -%}
{{ caucase.caucased(
prefix='caucased',
......@@ -198,7 +198,7 @@ context =
[kedifa-config]
ip = {{ instance_parameter_dict['ipv6-random'] }}
port = {{ instance_parameter_dict['configuration.kedifa_port'] }}
port = {{ instance_parameter_dict['configuration']['kedifa_port'] }}
db = ${directory:kedifa}/kedifa.sqlite
certificate = ${directory:etc-kedifa}/certificate.pem
key = ${:certificate}
......@@ -230,7 +230,7 @@ config-ca-cert-file = ${kedifa-config:ca-certificate}
<= logrotate-entry-base
name = kedifa
log = ${kedifa-config:logfile}
rotate-num = {{ instance_parameter_dict['configuration.rotate-num'] | int }}
rotate-num = {{ instance_parameter_dict['configuration']['rotate-num'] | int }}
delaycompress =
[kedifa]
......
......@@ -19,10 +19,6 @@
'log-access-urls',
log_access_list
) %}
{% do current_slave_dict.__setitem__(
'replication_number',
current_slave_dict.get('replication_number', 0) + 1
) %}
{% do slave_information_dict.__setitem__(slave_reference, current_slave_dict) %}
{% endfor %}
{% endfor %}
......
......@@ -208,9 +208,8 @@
"type": "integer"
},
"ciphers": {
"title": "Ordered space separated list of ciphers",
"type": "string",
"default": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA"
"title": "Ordered space separated list of ciphers. Defaults to cluster setup.",
"type": "string"
},
"authenticate-to-backend": {
"description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",
......@@ -262,25 +261,25 @@
"health-check-timeout": {
"title": "Health Check Timeout (seconds)",
"description": "A timeout to for the request to be fulfilled, after connection happen.",
"default": "2",
"default": 2,
"type": "integer"
},
"health-check-interval": {
"title": "Health Check Interval (seconds)",
"description": "An interval of health check.",
"default": "5",
"default": 5,
"type": "integer"
},
"health-check-rise": {
"title": "Health Check Rise",
"description": "Amount of correct responses from the backend to consider it up.",
"default": "1",
"default": 1,
"type": "integer"
},
"health-check-fall": {
"title": "Health Check Fall",
"description": "Amount of bad responses from the backend to consider it down.",
"default": "1",
"default": 1,
"type": "integer"
},
"health-check-failover-url": {
......@@ -324,7 +323,7 @@
"strict-transport-security": {
"title": "Strict Transport Security",
"description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. Setting the value enables HSTS and sets the value of max-age. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
"default": "0",
"default": 0,
"type": "integer"
},
"strict-transport-security-sub-domains": {
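Review bot: With the per-slave `ciphers` default removed, a slave that sets nothing inherits the cluster list. The cluster value shown in this commit's test fixture still ends with `AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA`, i.e. static-RSA key exchange and 3DES. The new title says "Defaults to cluster setup." but gives the slave owner no hint of what that list contains; a `description` such as `"When not set, the cluster-wide cipher list is used."` would document the fallback. The cluster default itself deserves a follow-up to drop the 3DES and non-forward-secret suites.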
......
......@@ -18,10 +18,6 @@
"description": "List of URLs to access logs",
"type": "array"
},
"replication_number": {
"description": "Number of nodes the slave is replicated",
"type": "integer"
},
"secure_access": {
"description": "URL for HTTP access",
"type": "string"
......
......@@ -37,6 +37,50 @@ kedifa = dynamic-profile-kedifa:output
{{ key }} = {{ dumps(value) }}
{% endfor -%}
[schema-json-to-default]
recipe = slapos.recipe.build
init =
import json
default_dict = dict()
with open(options['input']) as fh:
input_json = json.load(fh)
input_mapping = {}
if 'input-mapping' in options:
for mapping_line in options['input-mapping'].splitlines():
filename, section = mapping_line.split()
input_mapping[filename] = section
def fetchLevel(input_json):
default_dict = {}
for property, value_dict in input_json['properties'].items():
if value_dict.get('type') == 'object' and 'allOf' in value_dict:
value = {}
for entry in value_dict['allOf']:
with open(input_mapping[entry['$ref']]) as in_fh:
in_input_json = json.load(in_fh)
value.update(fetchLevel(in_input_json))
default_dict[property] = value
elif 'default' in value_dict:
if value_dict['default'] in ['false', 'true']:
# input schema json type is mostly incorrect, so guess the most
# important boolean type
default_dict[property] = value_dict['default'] == 'true'
else:
default_dict[property] = value_dict['default']
elif 'properties' in value_dict:
default_dict[property] = fetchLevel(value_dict)
else:
default_dict[property] = None
return default_dict
options['defaults'] = fetchLevel(input_json)
[instance-slave-default]
<= schema-json-to-default
input = {{ software_parameter_dict['instance_slave_input_schema'] }}
[instance-default]
<= schema-json-to-default
input = {{ software_parameter_dict['instance_input_schema'] }}
[dynamic-profile-frontend]
< = jinja2-template-base
url = {{ software_parameter_dict['profile_frontend'] }}
......@@ -44,6 +88,7 @@ filename = instance-frontend.cfg
extra-context =
import furl_module furl
raw software_type single-custom-personal
key SLAVE_DEFAULTS instance-slave-default:defaults
[dynamic-profile-master]
< = jinja2-template-base
......@@ -56,6 +101,8 @@ extra-context =
import operator_module operator
import validators validators
import software software
key CLUSTER_DEFAULTS instance-default:defaults
key SLAVE_DEFAULTS instance-slave-default:defaults
# Must match the key id in [switch-softwaretype] which uses this section.
raw software_type RootSoftwareInstance-default-custom-personal-replicate
......@@ -75,35 +122,3 @@ partition = ${slap-connection:partition-id}
url = ${slap-connection:server-url}
key = ${slap-connection:key-file}
cert = ${slap-connection:cert-file}
# Define default parameter(s) that will be used later, in case user didn't
# specify it
# All parameters are available through the configuration.XX syntax.
# All possible parameters should have a default.
configuration.domain = example.org
configuration.port = 4443
configuration.plain_http_port = 8080
configuration.plain_nginx_port = 8081
configuration.nginx_port = 9443
configuration.kedifa_port = 7879
# Warning: Caucase takes also cacuase_port+1
configuration.caucase_port = 8890
configuration.caucase_backend_client_port = 8990
configuration.apache-key =
configuration.apache-certificate =
configuration.disk-cache-size = 8G
configuration.ram-cache-size = 1G
configuration.re6st-verification-url =
configuration.enable-http2-by-default = true
configuration.enable-http3 = false
configuration.http3-port = 443
configuration.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA
configuration.request-timeout = 600
configuration.frontend-name =
configuration.backend-connect-timeout = 5
configuration.backend-connect-retries = 3
configuration.backend-haproxy-http-port = 21080
configuration.backend-haproxy-https-port = 21443
configuration.backend-haproxy-statistic-port = 21444
configuration.authenticate-to-backend = False
configuration.rotate-num = 4000
configuration.slave-introspection-https-port = 22443
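Review bot: In the new `[schema-json-to-default]` init code, `fetchLevel` resolves every `allOf` entry through `input_mapping[entry['$ref']]`, but neither `[instance-slave-default]` nor `[instance-default]` sets `input-mapping`, so a schema property using `allOf` would stop buildout with a bare `KeyError`. Keeping the lookup as an explicit mapping is the right design, since a `$ref` never becomes a file path on its own. It does need a clear failure such as `raise ValueError('no input-mapping entry for %r' % entry['$ref'])`, and the parser should skip blank lines before `filename, section = mapping_line.split()`. Smaller points: the top-level `default_dict = dict()` is never used, `section` actually holds a file path, and `property` shadows the builtin. The comment about guessing booleans should also state that only the exact strings `'true'` and `'false'` are converted.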
......@@ -97,6 +97,8 @@ template_trafficserver_storage_config = ${template-trafficserver-storage-config:
template_validate_script = ${template-validate-script:target}
template_wrapper = ${template-wrapper:output}
template_expose_csr_nginx_conf = ${template-expose-csr-nginx-conf:target}
instance_slave_input_schema = ${instance-slave-input-schema:target}
instance_input_schema = ${instance-input-schema:target}
# directories
bin_directory = ${buildout:bin-directory}
......@@ -210,6 +212,12 @@ output = ${buildout:directory}/template-wrapper.cfg
[template-frontend-haproxy-rsyslogd-conf]
<=download-template
[instance-slave-input-schema]
<=download-profile
[instance-input-schema]
<=download-profile
[versions]
kedifa = 0.0.7
# Modern KeDiFa requires zc.lockfile
......
......@@ -77,7 +77,7 @@ frontend https-backend
{%- do ssl_list.append('crt %s' % (configuration['certificate'],)) %}
{%- endif %}
{%- do ssl_list.append('ssl verify') %}
{%- if slave_instance['ssl_proxy_verify'] %}
{%- if slave_instance['ssl-proxy-verify'] %}
{%- if slave_instance['path_to_ssl_proxy_ca_crt'] %}
{%- do ssl_list.append('required ca-file %s' % (slave_instance['path_to_ssl_proxy_ca_crt'],)) %}
{%- else %}
......
{%- if configuration['http3-enable'] == 'True' %}
{%- set HTTP3 = True %}
{%- else %}
{%- set HTTP3 = False %}
{%- endif %}
global
pidfile {{ configuration['pid-file'] }}
# master-worker is compatible with foreground with process management
......@@ -60,7 +55,7 @@ frontend http-frontend
frontend https-frontend
bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }}
bind {{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }}
{%- if HTTP3 %}
{%- if configuration['http3-enable'] %}
bind quic4@{{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
{%- endif %}
......@@ -76,7 +71,7 @@ frontend https-frontend
{%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
{%- set info_dict = slave_instance.get(prefix, slave_instance.get('backend-http-info')) %}
backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
{%- if HTTP3 and slave_instance['enable-http3'] %}
{%- if configuration['http3-enable'] and slave_instance['enable-http3'] %}
http-after-response set-header alt-svc "h3=\":{{ configuration['http3-port'] }}\"; ma=3600"
{#- Ask Chromium to use HTTP3 #}
http-after-response set-header alternate-protocol {{ configuration['http3-port'] }}:quic
......@@ -112,7 +107,7 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
http-after-response set-header Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
{%- endif %}
{%- endif %}
{%- for disabled_cookie in slave_instance['disabled-cookie-list'] %}
{%- for disabled_cookie in slave_instance['disabled-cookie-list'].split() %}
http-request replace-header Cookie (.*)(^{{ disabled_cookie | replace('%', '%%') }}=[^;]*;\ |;\ {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*) \1\3
{%- endfor %}
{%- if slave_instance['disable-no-cache-request'] %}
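Review bot: `{%- if configuration['http3-enable'] %}`, and the same test in the per-slave `alt-svc` block, now depends on the value being a real boolean; any non-empty string, including `false`, would be truthy and enable the QUIC binds. The producer side is not visible here beyond `http3-enable = {{ dumps(FRONTEND_HTTP3) }}`, so if string values can still reach this template, `{%- if configuration['http3-enable'] is sameas true %}` would fail closed. In the last hunk, `disabled_cookie` is escaped with `replace('%', '%%')` in only the first of its three uses on the `replace-header` line and is not regex-escaped at all. Since the names appear to come from slave parameters, escaping all three uses consistently is worth a follow-up.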
......
......@@ -156,7 +156,7 @@ CONFIG proxy.config.net.max_requests_in INT 10000
# https://docs.trafficserver.apache.org/records.config#ram-cache
# https://docs.trafficserver.apache.org/en/latest/admin-guide/files/storage.config.en.html
##############################################################################
CONFIG proxy.config.cache.ram_cache.size INT {{ ats_configuration.get('ram-cache-size', '1G') }}
CONFIG proxy.config.cache.ram_cache.size INT {{ ats_configuration['ram-cache-size'] }}
CONFIG proxy.config.cache.ram_cache_cutoff INT 4194304
# https://docs.trafficserver.apache.org/records.config#proxy-config-cache-limits-http-max-alts
CONFIG proxy.config.cache.limits.http.max_alts INT 5
......
......@@ -50,4 +50,4 @@
# A small default cache (256MB). This is set to allow for the regression test to succeed
# most likely you'll want to use a larger cache. And, we definitely recommend the use
# of raw devices for production caches.
{{ ats_configuration.get("cache-path") }} {{ ats_configuration.get("disk-cache-size") }}
{{ ats_configuration["cache-path"] }} {{ ats_configuration["disk-cache-size"] }}
......@@ -69,6 +69,7 @@ from cryptography.x509.oid import NameOID
from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
from slapos.testing.utils import findFreeTCPPort
from slapos.testing.utils import getPromisePluginParameterDict
if __name__ == '__main__':
SlapOSInstanceTestCase = object
else:
......@@ -76,6 +77,7 @@ else:
os.path.abspath(
os.path.join(os.path.dirname(__file__), '..', 'software.cfg')))
# ports chosen to not collide with test systems
HTTP_PORT = '11080'
HTTPS_PORT = '11443'
......@@ -1394,7 +1396,6 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
hostname = reference.replace('_', '').replace('-', '').lower()
expected_parameter_dict.update(**{
'domain': '%s.example.com' % (hostname,),
'replication_number': '1',
'url': 'http://%s.example.com' % (hostname, ),
'site_url': 'http://%s.example.com' % (hostname, ),
'secure_access': 'https://%s.example.com' % (hostname, ),
......@@ -4867,7 +4868,7 @@ class TestSlaveHttp3(TestSlave):
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
'request-timeout': '12',
'enable-http3': 'True',
'enable-http3': True,
'http3-port': HTTPS_PORT,
}
max_client_version = '3.0'
......@@ -4993,7 +4994,6 @@ class TestReplicateSlave(
self.assertEqual(
{
'domain': 'replicate.example.com',
'replication_number': '2',
'url': 'http://replicate.example.com',
'site_url': 'http://replicate.example.com',
'secure_access': 'https://replicate.example.com',
......@@ -6479,7 +6479,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
self.assertEqual(
{
'domain': 'defaultpathunsafe.example.com',
'replication_number': '1',
'url': 'http://defaultpathunsafe.example.com',
'site_url': 'http://defaultpathunsafe.example.com',
'secure_access': 'https://defaultpathunsafe.example.com',
......@@ -6822,14 +6821,18 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'backend-client-caucase-url': backend_client_caucase_url,
'backend-connect-retries': '1',
'backend-connect-timeout': '2',
'backend-haproxy-http-port': 21080,
'backend-haproxy-https-port': 21443,
'backend-haproxy-statistic-port': 21444,
'ciphers': 'ciphers',
'cluster-identification': 'testing partition 0',
'disk-cache-size': '8G',
'domain': 'example.com',
'enable-http2-by-default': 'True',
'enable-http3': 'false',
'enable-http3': False,
'extra_slave_instance_list': '[]',
'frontend-name': 'caddy-frontend-1',
'http3-port': '443',
'http3-port': 443,
'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8411,
......@@ -6839,6 +6842,8 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'ram-cache-size': '512K',
're6st-verification-url': 're6st-verification-url',
'request-timeout': '100',
'rotate-num': 4000,
'slave-introspection-https-port': 22443,
'slave-kedifa-information': '{}'
},
'caddy-frontend-2': {
......@@ -6849,14 +6854,18 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'backend-client-caucase-url': backend_client_caucase_url,
'backend-connect-retries': '1',
'backend-connect-timeout': '2',
'backend-haproxy-http-port': 21080,
'backend-haproxy-https-port': 21443,
'backend-haproxy-statistic-port': 21444,
'ciphers': 'ciphers',
'cluster-identification': 'testing partition 0',
'disk-cache-size': '8G',
'domain': 'example.com',
'enable-http2-by-default': 'True',
'enable-http3': 'false',
'enable-http3': False,
'extra_slave_instance_list': '[]',
'frontend-name': 'caddy-frontend-2',
'http3-port': '443',
'http3-port': 443,
'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8412,
......@@ -6866,6 +6875,8 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'ram-cache-size': '256K',
're6st-verification-url': 're6st-verification-url',
'request-timeout': '100',
'rotate-num': 4000,
'slave-introspection-https-port': 22443,
'slave-kedifa-information': '{}'
},
'caddy-frontend-3': {
......@@ -6876,22 +6887,29 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'backend-client-caucase-url': backend_client_caucase_url,
'backend-connect-retries': '1',
'backend-connect-timeout': '2',
'backend-haproxy-http-port': 21080,
'backend-haproxy-https-port': 21443,
'backend-haproxy-statistic-port': 21444,
'ciphers': 'ciphers',
'cluster-identification': 'testing partition 0',
'disk-cache-size': '8G',
'domain': 'example.com',
'enable-http2-by-default': 'True',
'enable-http3': 'false',
'enable-http3': False,
'extra_slave_instance_list': '[]',
'frontend-name': 'caddy-frontend-3',
'http3-port': '443',
'http3-port': 443,
'kedifa-caucase-url': kedifa_caucase_url,
'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': 8413,
'monitor-username': 'admin',
'plain_http_port': '11080',
'port': '11443',
'ram-cache-size': '1G',
're6st-verification-url': 're6st-verification-url',
'request-timeout': '100',
'rotate-num': 4000,
'slave-introspection-https-port': 22443,
'slave-kedifa-information': '{}'
},
'kedifa': {
......@@ -6902,6 +6920,7 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
'monitor-cors-domains': 'monitor.app.officejs.com',
'monitor-httpd-port': '8402',
'monitor-username': 'admin',
'rotate-num': 4000,
'slave-list': []
},
'testing partition 0': {
......@@ -7084,7 +7103,7 @@ backend _health-check-connect-http
timeout connect 5s
retries 3
server _health-check-connect-backend-http %s check inter 5s"""
""" rise 1 fall 2
""" rise 1 fall 1
timeout check 2s""" % (backend,),
'health-check-custom': """\
backend _health-check-custom-http
......@@ -7101,7 +7120,7 @@ backend _health-check-default-http
timeout connect 5s
retries 3
server _health-check-default-backend-http %s check inter 5s"""
""" rise 1 fall 2
""" rise 1 fall 1
option httpchk GET / HTTP/1.1
timeout check 2s""" % (backend, )
}
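Review bot: The effective default for `health-check-fall` drops from 2 to 1, which the commit message does not mention: the expected HAProxy line changes from `rise 1 fall 2` to `rise 1 fall 1` for both `_health-check-connect-http` and `_health-check-default-http`. That matches the schema's `"default": 1`, but a backend is now marked down after a single failed check, which operators used to the old behaviour may see as extra flapping. A comment above the expectation such as `# health-check-fall default comes from instance-slave-input-schema.json (1)`, plus a line in the commit description or changelog, would make the change visibly deliberate. In `TestPassedRequestParameter`, `'enable-http2-by-default': 'True'` stays a string while `enable-http3` became a real boolean; if that asymmetry is intended, it deserves a comment too.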
......
......@@ -25,6 +25,7 @@
"monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"rotate-num": 4000,
"slave-list": []
},
"full_address_list": [],
......@@ -39,12 +40,24 @@
},
{
"_": {
"apache-certificate": "",
"apache-key": "",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0",
"enable-http3": "false",
"disk-cache-size": "8G",
"domain": "example.org",
"enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[]",
"frontend-name": "caddy-frontend-1",
"http3-port": "443",
"http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
......@@ -53,6 +66,11 @@
"monitor-username": "admin",
"plain_http_port": "11080",
"port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{}"
},
"full_address_list": [],
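Review bot: The `ciphers` default that this fixture now expects on every frontend node still ends in `ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA`, keeps the non-forward-secret `AES256-SHA AES128-SHA`, and lists `ECDHE-ECDSA-AES256-SHA` twice. 3DES is a 64-bit block cipher (the Sweet32 class of attack) and the static-RSA suites give no forward secrecy. Now that the master is the one place holding this default, it would be worth trimming it there to the AEAD suites, e.g. `"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305"`, unless legacy clients are a documented requirement. The default itself is defined outside this view, so this is inferred from the fixture value; the same string appears in the later fixture sections that do not override `ciphers`.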
......
......@@ -23,6 +23,7 @@
"monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"rotate-num": 4000,
"slave-list": []
},
"full_address_list": [],
......@@ -37,12 +38,24 @@
},
{
"_": {
"apache-certificate": "",
"apache-key": "",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0",
"enable-http3": "false",
"disk-cache-size": "8G",
"domain": "example.org",
"enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[]",
"frontend-name": "caddy-frontend-1",
"http3-port": "443",
"http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
......@@ -51,6 +64,11 @@
"monitor-username": "admin",
"plain_http_port": "11080",
"port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{}"
},
"full_address_list": [],
......
......@@ -24,6 +24,7 @@
"monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"rotate-num": 4000,
"slave-list": []
},
"full_address_list": [],
......@@ -38,13 +39,24 @@
},
{
"_": {
"apache-certificate": "",
"apache-key": "",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0",
"disk-cache-size": "8G",
"domain": "example.com",
"enable-http3": "false",
"enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[]",
"frontend-name": "caddy-frontend-1",
"http3-port": "443",
"http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
......@@ -53,6 +65,11 @@
"monitor-username": "admin",
"plain_http_port": "11080",
"port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{}"
},
"full_address_list": [],
......
......@@ -33,6 +33,7 @@
"monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"rotate-num": 4000,
"slave-list": [
{
"enable_cache": true,
......@@ -53,13 +54,24 @@
},
{
"_": {
"apache-certificate": "",
"apache-key": "",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0",
"disk-cache-size": "8G",
"domain": "example.com",
"enable-http3": "false",
"enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-1",
"http3-port": "443",
"http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
......@@ -68,7 +80,11 @@
"monitor-username": "admin",
"plain_http_port": "11080",
"port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": "http://@@_ipv4_address@@:@@_server_http_port@@/re6st.html",
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{\"_default\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@default_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@default_key-generate-auth-url@@/@@default_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@default_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
......
......@@ -36,6 +36,7 @@
"monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"rotate-num": 4000,
"slave-list": [
{
"enable_cache": true,
......@@ -56,13 +57,24 @@
},
{
"_": {
"apache-certificate": "",
"apache-key": "",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0",
"disk-cache-size": "8G",
"domain": "example.com",
"enable-http3": "false",
"enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-1",
"http3-port": "443",
"http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
......@@ -71,6 +83,11 @@
"monitor-username": "admin",
"plain_http_port": "11080",
"port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{\"_replicate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@/@@replicate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
......@@ -85,13 +102,24 @@
},
{
"_": {
"apache-certificate": "",
"apache-key": "",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0",
"disk-cache-size": "8G",
"domain": "example.com",
"enable-http3": "false",
"enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-2",
"http3-port": "443",
"http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
......@@ -100,6 +128,11 @@
"monitor-username": "admin",
"plain_http_port": "11080",
"port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{\"_replicate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@/@@replicate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@replicate_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
......
......@@ -41,6 +41,7 @@
"monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"rotate-num": 4000,
"slave-list": [
{
"enable_cache": true,
......@@ -67,14 +68,24 @@
},
{
"_": {
"apache-certificate": "",
"apache-key": "",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384",
"cluster-identification": "testing partition 0",
"disk-cache-size": "8G",
"domain": "example.com",
"enable-http3": "false",
"enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"ciphers\": \"ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256\", \"enable_cache\": true, \"slave_reference\": \"_own_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-1",
"http3-port": "443",
"http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
......@@ -83,6 +94,11 @@
"monitor-username": "admin",
"plain_http_port": "11080",
"port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{\"_default_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@/@@default_ciphers_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@?auth=\"}, \"_own_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@/@@default_ciphers_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
......
......@@ -56,6 +56,7 @@
"monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"rotate-num": 4000,
"slave-list": [
{
"custom_domain": "*.example.com",
......@@ -93,13 +94,24 @@
},
{
"_": {
"apache-certificate": "",
"apache-key": "",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0",
"disk-cache-size": "8G",
"domain": "example.com",
"enable-http3": "false",
"enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[{\"custom_domain\": \"*.example.com\", \"server-alias\": \"example.com\", \"slave_reference\": \"_01wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/01wildcard\"}, {\"custom_domain\": \"*.alias1.example.com\", \"server-alias\": \"alias1.example.com\", \"slave_reference\": \"_02wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/02wildcard\"}, {\"custom_domain\": \"zspecific.example.com\", \"slave_reference\": \"_03zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/03zspecific\"}, {\"custom_domain\": \"zspecific.alias1.example.com\", \"slave_reference\": \"_04zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/04zspecific\"}]",
"frontend-name": "caddy-frontend-1",
"http3-port": "443",
"http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
......@@ -108,7 +120,11 @@
"monitor-username": "admin",
"plain_http_port": "11080",
"port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": "12",
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{\"_01wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@?auth=\"}, \"_02wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@?auth=\"}, \"_03zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@?auth=\"}, \"_04zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
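Review bot: Parameters reach the frontend node with mixed JSON types in this fixture: the defaulted values are now native (`"http3-port": 443`, `"enable-http3": false`, and `"request-timeout": 600` in the other fixtures), while the requester-supplied `"request-timeout": "12"` and the `"port": "11443"` / `"plain_http_port": "11080"` entries stay strings. Any node-side numeric comparison or arithmetic on these then depends on whether the value was defaulted or passed, which is easy to get wrong now that nodes no longer apply their own defaults. Consider coercing on the master before the request so the node always sees one type, i.e. expect `"request-timeout": 12` here. Whether the node templates already coerce is not visible from this page.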
......
......@@ -34,6 +34,7 @@
"monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"rotate-num": 4000,
"slave-list": [
{
"enable_cache": true,
......@@ -56,13 +57,22 @@
"_": {
"apache-certificate": "@@certificate_pem@@",
"apache-key": "@@key_pem@@",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0",
"disk-cache-size": "8G",
"domain": "example.com",
"enable-http3": "false",
"enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master_kedifa_overrides_master_certificate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-1",
"http3-port": "443",
"http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
......@@ -71,6 +81,11 @@
"monitor-username": "admin",
"plain_http_port": "11080",
"port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{\"_ssl_from_master_kedifa_overrides_master_certificate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@/@@ssl_from_master_kedifa_overrides_master_certificate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
......
......@@ -34,6 +34,7 @@
"monitor-httpd-port": "8402",
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"rotate-num": 4000,
"slave-list": [
{
"enable_cache": true,
......@@ -56,13 +57,22 @@
"_": {
"apache-certificate": "@@certificate_pem@@",
"apache-key": "@@key_pem@@",
"authenticate-to-backend": false,
"backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
"backend-connect-retries": 3,
"backend-connect-timeout": 5,
"backend-haproxy-http-port": 21080,
"backend-haproxy-https-port": 21443,
"backend-haproxy-statistic-port": 21444,
"ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA",
"cluster-identification": "testing partition 0",
"disk-cache-size": "8G",
"domain": "example.com",
"enable-http3": "false",
"enable-http2-by-default": true,
"enable-http3": false,
"extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
"frontend-name": "caddy-frontend-1",
"http3-port": "443",
"http3-port": 443,
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
"master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
"monitor-cors-domains": "monitor.app.officejs.com",
......@@ -71,6 +81,11 @@
"monitor-username": "admin",
"plain_http_port": "11080",
"port": "11443",
"ram-cache-size": "1G",
"re6st-verification-url": null,
"request-timeout": 600,
"rotate-num": 4000,
"slave-introspection-https-port": 22443,
"slave-kedifa-information": "{\"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@ssl_from_master_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
......