Skip to content

slapos
slapos
Commit 25ce84fc authored by Łukasz Nowak's avatar Łukasz Nowak
Browse files
Options

Update Release Candidate

parents f01ecbb1 69e1c0c9
Pipeline #13332 failed with stage
    in 0 seconds
    Hide whitespace changes
    Inline Side-by-side
    Showing with 521 additions and 545 deletions
    component/trafficserver/buildout.cfg
    View file @ 25ce84fc
    ......@@ -28,7 +28,7 @@ md5sum = 4f4d1e7de19c77157be0c2a825b31026
    shared = true
    patch-options = -p1
    patches =
    ${:_profile_base_location_}/trafficserver-8.1-stale-negative-cache-not-returnable.patch#e1a2f8a23f00cee1301ccf1a84e46763
    https://github.com/apache/trafficserver/commit/3d0492f7276bb93aff499f637ff843c45908b193.patch#f23dd950acc0395fe7bc72264987c013
    configure-options =
    --with-openssl=${openssl:location}
    --with-pcre=${pcre:location}
    ......
    component/trafficserver/trafficserver-8.1-stale-negative-cache-not-returnable.patch deleted 100644 → 0
    View file @ f01ecbb1
    --- trafficserver-8.1.1/proxy/http/HttpTransact.cc.orig 2020-12-01 00:30:26.000000000 +0100
    +++ trafficserver-8.1.1/proxy/http/HttpTransact.cc 2021-01-11 11:35:41.946893735 +0100
    @@ -5752,6 +5752,7 @@
    HttpTransact::is_stale_cache_response_returnable(State *s)
    {
    HTTPHdr *cached_response = s->cache_info.object_read->response_get();
    + HTTPStatus cache_response_code = cached_response->status_get();
    // First check if client allows cached response
    // Note does_client_permit_lookup was set to
    @@ -5760,6 +5761,12 @@
    if (!s->cache_info.directives.does_client_permit_lookup) {
    return false;
    }
    + // We don't serve stale negative cache.
    + if (cache_response_code == HTTP_STATUS_INTERNAL_SERVER_ERROR || cache_response_code == HTTP_STATUS_GATEWAY_TIMEOUT ||
    + cache_response_code == HTTP_STATUS_BAD_GATEWAY || cache_response_code == HTTP_STATUS_SERVICE_UNAVAILABLE) {
    + TxnDebug("http_trans", "[is_stale_cache_response_returnable] stale negative cache");
    + return false;
    + }
    // Spec says that we can not serve a stale document with a
    // "must-revalidate header"
    // How about "s-maxage" and "no-cache" directives?
    software/caddy-frontend/README.caddy_frontend.rst
    View file @ 25ce84fc
    ......@@ -60,14 +60,12 @@ This is to deploy an entire frontend server with a public IPv4. If you want to
    First, you will need to request a "master" instance of Caddy Frontend with:
    * A ``domain`` parameter where the frontend will be available
    * A ``public-ipv4`` parameter to state which public IPv4 will be used
    like::
    <?xml version='1.0' encoding='utf-8'?>
    <instance>
    <parameter id="domain">moulefrite.org</parameter>
    <parameter id="public-ipv4">xxx.xxx.xxx.xxx</parameter>
    </instance>
    Then, it is possible to request many slave instances (currently only from slapconsole, UI doesn't work yet) of Caddy Frontend, like::
    ......@@ -189,10 +187,6 @@ Name of the domain to be used (example: mydomain.com). Sub domains of this domai
    Using the IP given by the Master Instance. "domain" is a mandatory Parameter.
    public-ipv4
    ~~~~~~~~~~~
    Public ipv4 of the frontend (the one Caddy will be indirectly listening to)
    port
    ~~~~
    Port used by Caddy. Optional parameter, defaults to 4443.
    ......
    software/caddy-frontend/buildout.hash.cfg
    View file @ 25ce84fc
    ......@@ -14,7 +14,7 @@
    # not need these here).
    [template]
    filename = instance.cfg.in
    md5sum = 28bf0c4c75c028bed79fc38786831b3e
    md5sum = de69a8c408ce4f228fc22eacb7e96657
    [profile-common]
    filename = instance-common.cfg.in
    ......@@ -22,15 +22,15 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
    [profile-caddy-frontend]
    filename = instance-apache-frontend.cfg.in
    md5sum = e8db3179e3278c6390a786cdcc947173
    md5sum = a6a626fd1579fd1d4b80ea67433ca16a
    [profile-caddy-replicate]
    filename = instance-apache-replicate.cfg.in
    md5sum = 2329022227099971a57f710832509153
    md5sum = 7cb8157d2b368ab3b281ea42f743eb9c
    [profile-slave-list]
    _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
    md5sum = 2cbcdff6fe75ec469ab7d6accd72f83c
    md5sum = 772c04c165fdae91299fd909e061f926
    [profile-replicate-publish-slave-information]
    _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
    ......@@ -46,11 +46,11 @@ md5sum = 88af61e7abbf30dc99a1a2526161128d
    [template-default-slave-virtualhost]
    _update_hash_filename_ = templates/default-virtualhost.conf.in
    md5sum = bd9e269130bac989faa639e0903814e2
    md5sum = a0ae858a3db8825c22d33d323392f588
    [template-backend-haproxy-configuration]
    _update_hash_filename_ = templates/backend-haproxy.cfg.in
    md5sum = 5c807d34198f334b143cfa9263f6bc4e
    md5sum = 0923a9227c131d2f1e11d7ddd5b15673
    [template-empty]
    _update_hash_filename_ = templates/empty.in
    ......
    software/caddy-frontend/instance-apache-frontend.cfg.in
    View file @ 25ce84fc
    ......@@ -287,6 +287,7 @@ extra-context =
    key backend_client_caucase_url :backend-client-caucase-url
    import urlparse_module urlparse
    import furl_module furl
    import urllib_module urllib
    key master_key_download_url :master_key_download_url
    key autocert caddy-directory:autocert
    key caddy_log_directory caddy-directory:slave-log
    ......
    software/caddy-frontend/instance-apache-replicate.cfg.in
    View file @ 25ce84fc
    ......@@ -15,13 +15,13 @@
    'enable-http2-by-default',
    'global-disable-http2',
    'mpm-graceful-shutdown-timeout',
    'public-ipv4',
    're6st-verification-url',
    'backend-connect-timeout',
    'backend-connect-retries',
    'ciphers',
    'request-timeout',
    'authenticate-to-backend',
    'strict-transport-security',
    ]
    %}
    {% set aikc_enabled = slapparameter_dict.get('automatic-internal-kedifa-caucase-csr', 'true').lower() in TRUE_VALUES %}
    ......@@ -135,23 +135,30 @@ context =
    {% if backend_active_check_http_version not in ['HTTP/1.1', 'HTTP/1.0'] %}
    {% do slave_error_list.append('Wrong backend-active-check-http-version %s' % (backend_active_check_http_version,)) %}
    {% endif %}
    {% set backend_active_check_timeout = (slave.get('backend-active-check-timeout') or '2') | int(False) %}
    {% if backend_active_check_timeout in [False] or backend_active_check_timeout <= 0 %}
    {% set backend_active_check_timeout = (slave.get('backend-active-check-timeout') or '2') | int(false) %}
    {% if backend_active_check_timeout is false or backend_active_check_timeout <= 0 %}
    {% do slave_error_list.append('Wrong backend-active-check-timeout %s' % (slave.get('backend-active-check-timeout'),)) %}
    {% endif %}
    {% set backend_active_check_interval = (slave.get('backend-active-check-interval') or '5') | int(False) %}
    {% if backend_active_check_interval in [False] or backend_active_check_interval <= 0 %}
    {% set backend_active_check_interval = (slave.get('backend-active-check-interval') or '5') | int(false) %}
    {% if backend_active_check_interval is false or backend_active_check_interval <= 0 %}
    {% do slave_error_list.append('Wrong backend-active-check-interval %s' % (slave.get('backend-active-check-interval'),)) %}
    {% endif %}
    {% set backend_active_check_rise = (slave.get('backend-active-check-rise') or '1') | int(False) %}
    {% if backend_active_check_rise in [False] or backend_active_check_rise <= 0 %}
    {% set backend_active_check_rise = (slave.get('backend-active-check-rise') or '1') | int(false) %}
    {% if backend_active_check_rise is false or backend_active_check_rise <= 0 %}
    {% do slave_error_list.append('Wrong backend-active-check-rise %s' % (slave.get('backend-active-check-rise'),)) %}
    {% endif %}
    {% set backend_active_check_fall = (slave.get('backend-active-check-fall') or '1') | int(False) %}
    {% if backend_active_check_fall in [False] or backend_active_check_fall <= 0 %}
    {% set backend_active_check_fall = (slave.get('backend-active-check-fall') or '1') | int(false) %}
    {% if backend_active_check_fall is false or backend_active_check_fall <= 0 %}
    {% do slave_error_list.append('Wrong backend-active-check-fall %s' % (slave.get('backend-active-check-fall'),)) %}
    {% endif %}
    {% endif %}
    {# Check virtualhostroot-http-port and virtualhostroot-https-port #}
    {% for key in ['virtualhostroot-http-port', 'virtualhostroot-https-port'] %}
    {% set value = (slave.get(key) or '1') | int(false) %}
    {% if value is false or value < 0 %}
    {% do slave_error_list.append('Wrong %s %r' % (key, slave.get(key))) %}
    {% endif %}
    {% endfor %}
    {# Check ciphers #}
    {% set slave_cipher_list = slave.get('ciphers', '').strip().split() %}
    {% if slave_cipher_list %}
    ......@@ -161,6 +168,11 @@ context =
    {% endif %}
    {% endfor %}
    {% endif %}
    {# Check strict-transport-security #}
    {% set strict_transport_security = (slave.get('strict-transport-security') or '0') | int(false) %}
    {% if strict_transport_security is false or strict_transport_security < 0 %}
    {% do slave_error_list.append('Wrong strict-transport-security %s' % (slave.get('strict-transport-security'),)) %}
    {% endif %}
    {% set custom_domain = slave.get('custom_domain') %}
    {% if custom_domain and custom_domain in used_host_list %}
    {% do slave_error_list.append('custom_domain %r clashes' % (custom_domain,)) %}
    ......@@ -264,7 +276,7 @@ config-monitor-username = ${monitor-instance-parameter:username}
    config-monitor-password = ${monitor-htpasswd:passwd}
    software-type = {{frontend_type}}
    return = private-ipv4 public-ipv4 slave-instance-information-list monitor-base-url backend-client-csr_id-url csr_id-url csr_id-certificate backend-haproxy-statistic-url
    return = slave-instance-information-list monitor-base-url backend-client-csr_id-url csr_id-url csr_id-certificate backend-haproxy-statistic-url
    {#- Send only needed parameters to frontend nodes #}
    {%- set base_node_configuration_dict = {} %}
    ......
    software/caddy-frontend/instance-caddy-input-schema.json
    View file @ 25ce84fc
    ......@@ -50,17 +50,6 @@
    "title": "Duration of the graceful shutdown period. Warning: Changing the parameter will result in restarting Caddy process.",
    "type": "integer"
    },
    "nginx-domain": {
    "description": "Base Domain for create subdomains (ie.: example2.com) for websocket, notebook and eventsource.",
    "pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$",
    "title": "[NOT IMPLEMENTED] Nginx Domain",
    "type": "string"
    },
    "public-ipv4": {
    "description": "Public ipv4 of the frontend (the one Caddy will be indirectly listening to).",
    "title": "Public IPv4",
    "type": "string"
    },
    "re6st-verification-url": {
    "description": "Url to verify if the internet and/or re6stnet is working.",
    "title": "Test Verification URL",
    ......@@ -118,6 +107,12 @@
    ],
    "title": "Authenticate to backend",
    "type": "string"
    },
    "strict-transport-security": {
    "title": "Strict Transport Security",
    "description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
    "default": "0",
    "type": "integer"
    }
    },
    "title": "Input Parameters",
    ......
    software/caddy-frontend/instance-slave-caddy-input-schema.json
    View file @ 25ce84fc
    ......@@ -285,6 +285,32 @@
    "description": "Amount of bad responses from the backend to consider it down.",
    "default": "1",
    "type": "integer"
    },
    "strict-transport-security": {
    "title": "Strict Transport Security",
    "description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
    "default": "0",
    "type": "integer"
    },
    "strict-transport-security-sub-domains": {
    "title": "Strict Transport Security Sub Domains",
    "description": "Configures Strict Transport Security for sub domains.",
    "enum": [
    "false",
    "true"
    ],
    "type": "string",
    "default": "false"
    },
    "strict-transport-security-preload": {
    "title": "Strict Transport Security Preload",
    "description": "Configures Strict Transport Security preload mechanism.",
    "enum": [
    "false",
    "true"
    ],
    "type": "string",
    "default": "false"
    }
    },
    "title": "Input Parameters",
    ......
    software/caddy-frontend/instance-slave-output-schema.json
    View file @ 25ce84fc
    ......@@ -18,10 +18,6 @@
    "description": "List of URLs to access logs",
    "type": "array"
    },
    "public-ipv4": {
    "description": "Public IPv4 to be included on DNS",
    "type": "string"
    },
    "replication_number": {
    "description": "Number of nodes the slave is replicated",
    "type": "integer"
    ......
    software/caddy-frontend/instance.cfg.in
    View file @ 25ce84fc
    ......@@ -78,7 +78,6 @@ cert = ${slap-connection:cert-file}
    # All parameters are available through the configuration.XX syntax.
    # All possible parameters should have a default.
    configuration.domain = example.org
    configuration.public-ipv4 =
    configuration.port = 4443
    configuration.plain_http_port = 8080
    configuration.plain_nginx_port = 8081
    ......@@ -107,3 +106,4 @@ configuration.backend-haproxy-statistic-port = 21444
    configuration.authenticate-to-backend = False
    configuration.rotate-num = 4000
    configuration.slave-introspection-https-port = 22443
    configuration.strict-transport-security = 0
    software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
    View file @ 25ce84fc
    ......@@ -2,6 +2,7 @@
    {%- set kedifa_updater_mapping = [] %}
    {%- set cached_server_dict = {} %}
    {%- set backend_slave_list = [] %}
    {%- set frontend_slave_list = [] %}
    {%- set part_list = [] %}
    {%- set cache_port = caddy_configuration.get('cache-port') %}
    {%- set cache_access = "http://%s:%s" % (instance_parameter_dict['ipv4-random'], cache_port) %}
    ......@@ -39,16 +40,39 @@ context =
    [slave-password]
    [slave-htpasswd]
    {#- Loop thought slave list to set up slaves #}
    {#- Prepare configuration parameters #}
    {%- set DEFAULT_PORT = {'http': 80, 'https': 443, '': None} %}
    {%- for slave_instance in slave_instance_list %}
    {#- prepare backend parameters #}
    {%- for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
    {%- set parsed = urlparse_module.urlparse(slave_instance.get(key, '').strip()) %}
    {%- set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment} %}
    {%- do slave_instance.__setitem__(prefix, info_dict) %}
    {%- for key in ['enable-http2-by-default', 'global-disable-http2'] %}
    {%- do configuration.__setitem__(key, ('' ~ configuration[key]).lower() in TRUE_VALUES) %}
    {%- endfor %}
    {#- Loop thought slave list to set up slaves #}
    {%- for slave_instance in slave_instance_list %}
    {#- Prepare slave parameters: #}
    {#- * convert strings to booleans (as slapproxy and SlapOS Master differ a bit) #}
    {#- * create real lists from string lists #}
    {#- * setup defaults to simplify other profiles #}
    {#- * stabilise values for backend #}
    {%- for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
    {%- set parsed = urlparse_module.urlparse(slave_instance.get(key, '').strip()) %}
    {%- set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment} %}
    {%- do slave_instance.__setitem__(prefix, info_dict) %}
    {%- endfor %}
    {%- do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
    {%- do slave_instance.__setitem__('enable-http2', ('' ~ slave_instance.get('enable-http2', configuration['enable-http2-by-default'])).lower() in TRUE_VALUES) %}
    {%- for key in ['https-only', 'websocket-transparent'] %}
    {%- do slave_instance.__setitem__(key, ('' ~ slave_instance.get(key, 'true')).lower() in TRUE_VALUES) %}
    {%- endfor %}
    {%- for key in ['enable_cache', 'disable-no-cache-request', 'disable-via-header', 'prefer-gzip-encoding-to-backend', 'strict-transport-security-sub-domains', 'strict-transport-security-preload'] %}
    {%- do slave_instance.__setitem__(key, ('' ~ slave_instance.get(key, 'false')).lower() in TRUE_VALUES) %}
    {%- endfor %}
    {%- for key in ['disabled-cookie-list'] %}
    {%- do slave_instance.__setitem__(key, slave_instance.get(key, '').split()) %}
    {%- endfor %}
    {%- for key, default in [('virtualhostroot-http-port', '80'), ('virtualhostroot-https-port', '443')] %}
    {%- do slave_instance.__setitem__(key, int(slave_instance.get(key, default))) %}
    {%- endfor %}
    {%- do slave_instance.__setitem__('default-path', slave_instance.get('default-path', '').strip('/') | urlencode) %}
    {%- do slave_instance.__setitem__('path', slave_instance.get('path', '').strip('/')) %}
    {#- Manage ciphers #}
    {%- set slave_ciphers = slave_instance.get('ciphers', '').strip().split() %}
    {%- if slave_ciphers %}
    ......@@ -56,10 +80,10 @@ context =
    {%- else %}
    {%- set slave_cipher_list = configuration['ciphers'].strip() %}
    {%- endif %}
    {%- do slave_instance.__setitem__('cipher_list', slave_cipher_list) %}
    {%- do slave_instance.__setitem__('ciphers', slave_cipher_list) %}
    {#- Manage common instance parameters #}
    {%- set slave_type = slave_instance.get('type', '') %}
    {%- set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') %}
    {%- set enable_cache = (slave_instance['enable_cache'] and slave_type != 'redirect') %}
    {%- set slave_reference = slave_instance.get('slave_reference') %}
    {%- set slave_kedifa = slave_kedifa_information.get(slave_reference) %}
    {#- Setup backend URLs for front facing Caddy #}
    ......@@ -103,15 +127,13 @@ context =
    {%- do part_list.extend([slave_ln_section]) %}
    {%- do part_list.extend([slave_section_title]) %}
    {%- set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %}
    {#- Pass HTTP2 switch #}
    {%- do slave_instance.__setitem__('enable_http2_by_default', configuration['enable-http2-by-default']) %}
    {%- do slave_instance.__setitem__('global_disable_http2', configuration['global-disable-http2']) %}
    {#- Pass backend timeout values #}
    {%- for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend'] %}
    {%- for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend', 'strict-transport-security'] %}
    {%- if slave_instance.get(key, '') == '' %}
    {%- do slave_instance.__setitem__(key, configuration[key]) %}
    {%- endif %}
    {%- endfor %}
    {%- do slave_instance.__setitem__('strict-transport-security', int(slave_instance['strict-transport-security'])) %}
    {%- do slave_instance.__setitem__('authenticate-to-backend', ('' ~ slave_instance.get('authenticate-to-backend', '')).lower() in TRUE_VALUES) %}
    {#- Setup active check #}
    {%- do slave_instance.__setitem__('backend-active-check', ('' ~ slave_instance.get('backend-active-check', '')).lower() in TRUE_VALUES) %}
    ......@@ -157,7 +179,6 @@ context =
    {%- set slave_log_access_url = urlparse_module.unquote(furled.tostr()) %}
    {%- do slave_publish_dict.__setitem__('log-access', slave_log_access_url) %}
    {%- do slave_publish_dict.__setitem__('slave-reference', slave_reference) %}
    {%- do slave_publish_dict.__setitem__('public-ipv4', configuration['public-ipv4']) %}
    {%- do slave_publish_dict.__setitem__('backend-client-caucase-url', backend_client_caucase_url) %}
    {#- Set slave domain if none was defined #}
    {%- if slave_instance.get('custom_domain', None) == None %}
    ......@@ -168,6 +189,28 @@ context =
    {%- do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %}
    {%- do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
    {%- do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
    {%- set host_list = slave_instance.get('server-alias', '').split() %}
    {%- if slave_instance.get('custom_domain') not in host_list %}
    {%- do host_list.append(slave_instance.get('custom_domain')) %}
    {%- endif %}
    {%- do slave_instance.__setitem__('host_list', host_list) %}
    {%- do slave_instance.__setitem__('type', slave_instance.get('type', '')) %}
    {%- set websocket_path_list = [] %}
    {%- for websocket_path in slave_instance.get('websocket-path-list', '').split() %}
    {%- set websocket_path = websocket_path.strip('/') %}
    {#- Unquote the path, so %20 and similar can be represented correctly #}
    {%- set websocket_path = urllib_module.unquote(websocket_path.strip()) %}
    {%- if websocket_path %}
    {%- do websocket_path_list.append(websocket_path) %}
    {%- endif %}
    {%- endfor %}
    {%- do slave_instance.__setitem__('websocket-path-list', websocket_path_list) %}
    {%- do slave_instance.__setitem__('enable_h2', not configuration['global-disable-http2'] and slave_instance['enable-http2']) %}
    {%- if slave_instance['type'] in ['notebook', 'websocket'] %}
    {# websocket style needs http 1.1 max #}
    {%- do slave_instance.__setitem__('enable_h2', False) %}
    {%- endif %}
    {%- do slave_instance.__setitem__('default-path', slave_instance.get('default-path', '').strip('/') | urlencode) %}
    [slave-log-directory-dict]
    {{slave_reference}} = {{ slave_log_folder }}
    ......@@ -224,12 +267,13 @@ command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} {{ slave_refere
    {%- do slave_parameter_dict.__setitem__('certificate', certificate )%}
    {#- Set ssl certificates for each slave #}
    {%- for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt')%}
    {%- set cert_file_key = 'path_to_' + cert_name %}
    {%- if cert_name in slave_instance %}
    {%- set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %}
    {%- set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
    {%- do part_list.append(cert_title) %}
    {%- do slave_parameter_dict.__setitem__(cert_name, cert_file) %}
    {%- do slave_instance.__setitem__('path_to_' + cert_name, cert_file) %}
    {%- do slave_instance.__setitem__(cert_file_key, cert_file) %}
    {#- Store certificates on fs #}
    [{{ cert_title }}]
    < = jinja2-template-base
    ......@@ -241,7 +285,9 @@ extra-context =
    {#- Store certificate in config #}
    [{{ cert_title + '-config' }}]
    value = {{ dumps(slave_instance.get(cert_name)) }}
    {%- endif %}
    {%- else %}
    {%- do slave_instance.__setitem__(cert_file_key, None) %}
    {%- endif %} {#- if cert_name in slave_instance #}
    {%- endfor %}
    {#- Set Up Certs #}
    {%- if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %}
    ......@@ -273,7 +319,7 @@ http_port = {{ dumps('' ~ configuration['plain_http_port']) }}
    local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
    {%- for key, value in slave_instance.iteritems() %}
    {%- if value is not none %}
    {{ key }} = {{ dumps('' ~ value) }}
    {{ key }} = {{ dumps(value) }}
    {%- endif %}
    {%- endfor %}
    ......@@ -284,7 +330,6 @@ rendered = {{ caddy_configuration_directory }}/${:filename}
    template = {{ template_default_slave_configuration }}
    extra-context =
    section slave_parameter {{ slave_configuration_section_name }}
    import urllib_module urllib
    filename = {{ '%s.conf' % slave_reference }}
    {{ '\n' }}
    ......@@ -329,6 +374,7 @@ recipe = slapos.cookbook:publish
    {%- else %}
    {%- do slave_instance_information_list.append(slave_publish_dict) %}
    {%- endif %}
    {%- do frontend_slave_list.append(slave_instance) %}
    {%- if slave_type != 'redirect' %}
    {%- do backend_slave_list.append(slave_instance) %}
    {%- endif %}
    ......@@ -389,8 +435,6 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
    {#- Publish information for the instance #}
    [publish-caddy-information]
    recipe = slapos.cookbook:publish.serialised
    public-ipv4 = {{ configuration['public-ipv4'] }}
    private-ipv4 = {{ instance_parameter_dict['ipv4-random'] }}
    {%- if configuration['extra_slave_instance_list'] %}
    {#- sort_keys are important in order to avoid shuffling parameters on each run #}
    slave-instance-information-list = {{ json_module.dumps(slave_instance_information_list, sort_keys=True) }}
    ......
    software/caddy-frontend/templates/backend-haproxy.cfg.in
    View file @ 25ce84fc
    ......@@ -18,12 +18,8 @@ defaults
    {%- macro frontend_entry(slave_instance, scheme, wildcard) %}
    {#- wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
    {%- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] %}
    {%- set host_list = (slave_instance.get('server-alias') or '').split() %}
    {%- if slave_instance.get('custom_domain') not in host_list %}
    {%- do host_list.append(slave_instance.get('custom_domain')) %}
    {%- endif %}
    {%- set matched = {'count': 0} %}
    {%- for host in host_list %}
    {%- for host in slave_instance['host_list'] %}
    {#- Match up to the end or optional port (starting with ':') #}
    {#- Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
    {%- if wildcard and host.startswith('*.') %}
    ......@@ -80,10 +76,9 @@ frontend https-backend
    {%- do ssl_list.append('crt %s' % (configuration['certificate'],)) %}
    {%- endif %}
    {%- do ssl_list.append('ssl verify') %}
    {%- set path_to_ssl_proxy_ca_crt = slave_instance.get('path_to_ssl_proxy_ca_crt') %}
    {%- if slave_instance['ssl_proxy_verify'] %}
    {%- if path_to_ssl_proxy_ca_crt %}
    {%- do ssl_list.append('required ca-file %s' % (path_to_ssl_proxy_ca_crt,)) %}
    {%- if slave_instance['path_to_ssl_proxy_ca_crt'] %}
    {%- do ssl_list.append('required ca-file %s' % (slave_instance['path_to_ssl_proxy_ca_crt'],)) %}
    {%- else %}
    {#- Backend SSL shall be verified, but not CA provided, disallow connection #}
    {#- Simply dropping hostname from the dict will result with ignoring it... #}
    ......
    software/caddy-frontend/templates/default-virtualhost.conf.in
    View file @ 25ce84fc
    {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
    {%- set enable_cache = slave_parameter.get('enable_cache', '').lower() in TRUE_VALUES %}
    {%- set disable_no_cache_header = slave_parameter.get('disable-no-cache-request', '').lower() in TRUE_VALUES %}
    {%- set disable_via_header = slave_parameter.get('disable-via-header', '').lower() in TRUE_VALUES %}
    {%- set prefer_gzip = slave_parameter.get('prefer-gzip-encoding-to-backend', '').lower() in TRUE_VALUES %}
    {%- set proxy_append_list = [('', 'Default proxy configuration')] %}
    {%- if prefer_gzip %}
    {%- if slave_parameter['prefer-gzip-encoding-to-backend'] %}
    {%- do proxy_append_list.append(('prefer-gzip', 'Proxy which always overrides Accept-Encoding to gzip if such is found')) %}
    {%- endif %} {#- if prefer_gzip #}
    {%- set server_alias_list = slave_parameter.get('server-alias', '').split() %}
    {%- set enable_h2 = slave_parameter['global_disable_http2'].lower() not in TRUE_VALUES and slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default']).lower() in TRUE_VALUES %}
    {%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %}
    {%- set https_only = slave_parameter.get('https-only', 'true').lower() in TRUE_VALUES %}
    {%- set slave_type = slave_parameter.get('type', '') %}
    {%- set host_list = server_alias_list %}
    {%- set cipher_list = slave_parameter.get('cipher_list', '').strip() %}
    {%- if slave_parameter.get('custom_domain') not in host_list %}
    {%- do host_list.append(slave_parameter.get('custom_domain')) %}
    {%- endif %}
    {%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
    {%- set http_host_list = [] %}
    {%- set https_host_list = [] %}
    {%- for host in host_list %}
    {%- for host in slave_parameter['host_list'] %}
    {%- do http_host_list.append('http://%s:%s' % (host, slave_parameter['http_port'] )) %}
    {%- do https_host_list.append('https://%s:%s' % (host, slave_parameter['https_port'] )) %}
    {%- endfor %} {#- for host in host_list #}
    {%- set default_path = slave_parameter.get('default-path', '').strip('/') | urlencode %}
    {%- set websocket_path_list = [] %}
    {%- for websocket_path in slave_parameter.get('websocket-path-list', '').split() %}
    {%- set websocket_path = websocket_path.strip('/') %}
    {#- Unquote the path, so %20 and similar can be represented correctly #}
    {%- set websocket_path = urllib_module.unquote(websocket_path.strip()) %}
    {%- if websocket_path %}
    {%- do websocket_path_list.append(websocket_path) %}
    {%- endif %}
    {%- endfor %}
    {%- set websocket_transparent = slave_parameter.get('websocket-transparent', 'true').lower() in TRUE_VALUES %}
    {%- if slave_type in ['notebook', 'websocket'] %}
    {# websocket style needs http 1.1 max #}
    {%- set enable_h2 = False %}
    {%- endif %}
    {%- endfor %} {#- for host in slave_parameter['host_list'] #}
    {%- macro proxy_header() %}
    timeout {{ slave_parameter['request-timeout'] }}s
    ......@@ -48,9 +18,24 @@
    try_interval 250ms
    {%- endmacro %} {# proxy_header #}
    {%- macro hsts_header(tls) %}
    {%- if tls %}
    {%- if slave_parameter['strict-transport-security'] > 0 %}
    {%- set strict_transport_security = ['max-age=%i' % (slave_parameter['strict-transport-security'],)] %}
    {%- if slave_parameter['strict-transport-security-sub-domains'] %}
    {%- do strict_transport_security.append('; includeSubDomains') %}
    {%- endif %}
    {%- if slave_parameter['strict-transport-security-preload'] %}
    {%- do strict_transport_security.append('; preload') %}
    {%- endif %}
    header_downstream Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
    {%- endif %}
    {%- endif %}
    {%- endmacro %} {# hsts_header #}
    {%- for tls in [True, False] %}
    {%- if tls %}
    {%- set backend_url = slave_parameter.get('backend-https-url', slave_parameter.get('backend-http-url')) %}
    {%- set backend_url = slave_parameter.get('backend-https-url', slave_parameter['backend-http-url']) %}
    # SSL enabled hosts
    {{ https_host_list|join(', ') }} {
    {%- else %}
    ......@@ -61,28 +46,28 @@
    bind {{ slave_parameter['local_ipv4'] }}
    {%- if tls %}
    tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }} {
    {%- if cipher_list %}
    ciphers {{ cipher_list }}
    {%- if slave_parameter['ciphers'] %}
    ciphers {{ slave_parameter['ciphers'] }}
    {%- endif %}
    {%- if enable_h2 %}
    # Allow HTTP2
    {%- if slave_parameter['enable_h2'] %}
    # Allow http2
    alpn h2 http/1.1
    {%- else %} {#- if enable_h2 #}
    {%- else %} {#- if slave_parameter['enable_h2'] #}
    # Disallow HTTP2
    alpn http/1.1
    {%- endif %} {#- if enable_h2 #}
    {%- endif %} {#- if slave_parameter['enable_h2'] #}
    } {# tls #}
    {%- endif %} {#- if tls #}
    log / {{ slave_parameter.get('access_log') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
    log / {{ slave_parameter['access_log'] }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
    rotate_size 0
    }
    errors {{ slave_parameter.get('error_log') }} {
    errors {{ slave_parameter['error_log'] }} {
    rotate_size 0
    }
    {%- if not (slave_type == 'zope' and backend_url) %}
    {% if prefer_gzip and not (not tls and https_only) %}
    {%- if not (slave_parameter['type'] == 'zope' and backend_url) %}
    {% if slave_parameter['prefer-gzip-encoding-to-backend'] and not (not tls and slave_parameter['https-only']) %}
    rewrite {
    regexp (.*)
    if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
    ......@@ -93,90 +78,92 @@
    if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
    to {1}
    }
    {% elif slave_type not in ['notebook', 'websocket'] %}
    {% elif slave_parameter['type'] not in ['notebook', 'websocket'] %}
    rewrite {
    regexp (.*)
    to {1}
    }
    {% endif %} {# elif slave_type != 'notebook' #}
    {%- endif %} {#- if not (slave_type == 'zope' and backend_url) #}
    {% endif %} {# elif slave_parameter['type'] != 'notebook' #}
    {%- endif %} {#- if not (slave_parameter['type'] == 'zope' and backend_url) #}
    {%- if not tls and https_only %}
    {%- if not tls and slave_parameter['https-only'] %}
    # Enforced redirection to SSL-enabled host
    redir 302 {
    / https://{host}{rewrite_uri}
    }
    {%- elif slave_type == 'zope' and backend_url %}
    {%- elif slave_parameter['type'] == 'zope' and backend_url %}
    # Zope configuration
    {%- for (proxy_name, proxy_comment) in proxy_append_list %}
    # {{ proxy_comment }}
    proxy "/{{ proxy_name }}" {{ backend_url }} {
    {{ proxy_header() }}
    {{ hsts_header(tls) }}
    {%- if proxy_name == 'prefer-gzip' %}
    without /prefer-gzip
    header_upstream Accept-Encoding gzip
    {%- endif %} {#- if proxy_name == 'prefer-gzip' #}
    {%- for disabled_cookie in disabled_cookie_list %}
    {%- for disabled_cookie in slave_parameter['disabled-cookie-list'] %}
    # Remove cookie {{ disabled_cookie }} from client Cookies
    header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
    {%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
    {%- endfor %} {#- for disabled_cookie in slave_parameter['disabled-cookie-list'] #}
    {%- if disable_via_header %}
    {%- if slave_parameter['disable-via-header'] %}
    header_downstream -Via
    {%- endif %} {#- if disable_via_header #}
    {%- endif %} {#- if slave_parameter['disable-via-header'] #}
    {%- if disable_no_cache_header %}
    {%- if slave_parameter['disable-no-cache-request'] %}
    header_upstream -Cache-Control
    header_upstream -Pragma
    {%- endif %} {#- if disable_no_cache_header #}
    {%- endif %} {#- if slave_parameter['disable-no-cache-request'] #}
    transparent
    } {# proxy #}
    {%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #}
    {%- if default_path %}
    {%- if slave_parameter['default-path'] %}
    redir 301 {
    if {path} is /
    / {scheme}://{host}/{{ default_path }}
    / {scheme}://{host}/{{ slave_parameter['default-path'] }}
    } {# redir #}
    {%- endif %} {#- if default_path #}
    {%- if prefer_gzip and not (not tls and https_only) %}
    {%- endif %} {#- if slave_parameter['default-path'] #}
    {%- if slave_parameter['prefer-gzip-encoding-to-backend'] and not (not tls and slave_parameter['https-only']) %}
    rewrite {
    regexp (.*)
    if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
    {%- if tls %}
    to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
    to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
    {%- else %}
    to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
    to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
    {%- endif %}
    }
    rewrite {
    regexp (.*)
    if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
    {%- if tls %}
    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
    {%- else %}
    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
    {%- endif %}
    }
    {%- else %}
    rewrite {
    regexp (.*)
    {%- if tls %}
    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
    {%- else %}
    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
    {%- endif %}
    } {# rewrite #}
    {%- endif %} {#- if prefer_gzip #}
    {%- elif slave_type == 'redirect' %}
    {%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
    {%- elif slave_parameter['type'] == 'redirect' %}
    {%- if backend_url %}
    # Redirect configuration
    redir 302 {
    / {{ backend_url }}{rewrite_uri}
    }
    {%- endif %}
    {%- elif slave_type == 'notebook' %}
    {%- elif slave_parameter['type'] == 'notebook' %}
    proxy / {{ backend_url }} {
    {{ proxy_header() }}
    {{ hsts_header(tls) }}
    transparent
    }
    rewrite {
    ......@@ -185,25 +172,28 @@
    }
    proxy /proxy/ {{ backend_url }} {
    {{ proxy_header() }}
    {{ hsts_header(tls) }}
    transparent
    websocket
    without /proxy/
    }
    {%- elif slave_type == 'websocket' %}
    {%- if websocket_path_list %}
    {%- elif slave_parameter['type'] == 'websocket' %}
    {%- if slave_parameter['websocket-path-list'] %}
    proxy / {{ backend_url }} {
    {{ proxy_header() }}
    {%- if websocket_transparent %}
    {{ hsts_header(tls) }}
    {%- if slave_parameter['websocket-transparent'] %}
    transparent
    {%- else %}
    header_upstream Host {host}
    {%- endif %}
    }
    {%- for websocket_path in websocket_path_list %}
    {%- for websocket_path in slave_parameter['websocket-path-list'] %}
    proxy "/{{ websocket_path }}" {{ backend_url }} {
    {{ proxy_header() }}
    {{ hsts_header(tls) }}
    websocket
    {%- if websocket_transparent %}
    {%- if slave_parameter['websocket-transparent'] %}
    transparent
    {%- else %}
    header_upstream Host {host}
    ......@@ -213,49 +203,51 @@
    {%- else %}
    proxy / {{ backend_url }} {
    {{ proxy_header() }}
    {{ hsts_header(tls) }}
    websocket
    {%- if websocket_transparent %}
    {%- if slave_parameter['websocket-transparent'] %}
    transparent
    {%- else %}
    header_upstream Host {host}
    {%- endif %}
    }
    {%- endif %}
    {%- else %} {#- if slave_type == 'zope' and backend_url #}
    {%- else %} {#- if slave_parameter['type'] == 'zope' and backend_url #}
    # Default configuration
    {%- if default_path %}
    {%- if slave_parameter['default-path'] %}
    redir 301 {
    if {path} is /
    / {scheme}://{host}/{{ default_path }}
    / {scheme}://{host}/{{ slave_parameter['default-path'] }}
    } {# redir #}
    {%- endif %} {#- if default_path #}
    {%- endif %} {#- if slave_parameter['default-path'] #}
    {%- if backend_url %}
    {%- for (proxy_name, proxy_comment) in proxy_append_list %}
    # {{ proxy_comment }}
    proxy "/{{ proxy_name }}" {{ backend_url }} {
    {{ proxy_header() }}
    {{ hsts_header(tls) }}
    {%- if proxy_name == 'prefer-gzip' %}
    without /prefer-gzip
    header_upstream Accept-Encoding gzip
    {%- endif %} {#- if proxy_name == 'prefer-gzip' #}
    {%- for disabled_cookie in disabled_cookie_list %}
    {%- for disabled_cookie in slave_parameter['disabled-cookie-list'] %}
    # Remove cookie {{ disabled_cookie }} from client Cookies
    header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
    {%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
    {%- endfor %} {#- for disabled_cookie in slave_parameter['disabled-cookie-list'] #}
    {%- if disable_via_header %}
    {%- if slave_parameter['disable-via-header'] %}
    header_downstream -Via
    {%- endif %} {#- if disable_via_header #}
    {%- endif %} {#- if slave_parameter['disable-via-header'] #}
    {%- if disable_no_cache_header %}
    {%- if slave_parameter['disable-no-cache-request'] %}
    header_upstream -Cache-Control
    header_upstream -Pragma
    {%- endif %} {#- if disable_no_cache_header #}
    {%- endif %} {#- if slave_parameter['disable-no-cache-request'] #}
    transparent
    } {# proxy #}
    {%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #}
    {%- endif %} {#- if backend_url #}
    {%- endif %} {#- if slave_type == 'zope' and backend_url #}
    {%- endif %} {#- if slave_parameter['type'] == 'zope' and backend_url #}
    } {# https_host_list|join(', ') #}
    {%- endfor %} {#- for tls in [True, False] #}
    software/caddy-frontend/test/test.py
    View file @ 25ce84fc
    ......@@ -84,6 +84,9 @@ KEDIFA_PORT = '15080'
    # has to be not partition one
    SOURCE_IP = '127.0.0.1'
    # IP on which test run, in order to mimic HTTP[s] access
    TEST_IP = os.environ['SLAPOS_TEST_IPV4']
    # "--resolve" inspired from https://stackoverflow.com/a/44378047/9256748
    DNS_CACHE = {}
    ......@@ -254,11 +257,11 @@ def subprocess_output(*args, **kwargs):
    return subprocess_status_output(*args, **kwargs)[1]
    def isHTTP2(domain, ip):
    def isHTTP2(domain):
    curl_command = 'curl --http2 -v -k -H "Host: %(domain)s" ' \
    'https://%(domain)s:%(https_port)s/ '\
    '--resolve %(domain)s:%(https_port)s:%(ip)s' % dict(
    ip=ip, domain=domain, https_port=HTTPS_PORT)
    ip=TEST_IP, domain=domain, https_port=HTTPS_PORT)
    prc = subprocess.Popen(
    curl_command.split(), stdout=subprocess.PIPE, stderr=subprocess.PIPE
    )
    ......@@ -395,7 +398,7 @@ class TestDataMixin(object):
    self.assertTestData(runtime_data, hash_value_dict=hash_value_dict)
    def fakeHTTPSResult(domain, real_ip, path, port=HTTPS_PORT,
    def fakeHTTPSResult(domain, path, port=HTTPS_PORT,
    headers=None, cookies=None, source_ip=SOURCE_IP):
    if headers is None:
    headers = {}
    ......@@ -414,7 +417,7 @@ def fakeHTTPSResult(domain, real_ip, path, port=HTTPS_PORT,
    session.mount('https://', new_source)
    socket_getaddrinfo = socket.getaddrinfo
    try:
    add_custom_dns(domain, port, real_ip)
    add_custom_dns(domain, port, TEST_IP)
    socket.getaddrinfo = new_getaddrinfo
    return session.get(
    'https://%s:%s/%s' % (domain, port, path),
    ......@@ -427,7 +430,7 @@ def fakeHTTPSResult(domain, real_ip, path, port=HTTPS_PORT,
    socket.getaddrinfo = socket_getaddrinfo
    def fakeHTTPResult(domain, real_ip, path, port=HTTP_PORT,
    def fakeHTTPResult(domain, path, port=HTTP_PORT,
    headers=None, source_ip=SOURCE_IP):
    if headers is None:
    headers = {}
    ......@@ -445,7 +448,7 @@ def fakeHTTPResult(domain, real_ip, path, port=HTTP_PORT,
    session.mount('http://', new_source)
    session.mount('https://', new_source)
    return session.get(
    'http://%s:%s/%s' % (real_ip, port, path),
    'http://%s:%s/%s' % (TEST_IP, port, path),
    headers=headers,
    allow_redirects=False,
    )
    ......@@ -921,7 +924,7 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
    def waitForCaddy(cls):
    def method():
    fakeHTTPSResult(
    cls._ipv4_address, cls._ipv4_address,
    cls._ipv4_address,
    '/',
    )
    cls.waitForMethod('waitForCaddy', method)
    ......@@ -1038,10 +1041,10 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
    def waitForSlave(cls):
    def method():
    for parameter_dict in cls.getSlaveConnectionParameterDictList():
    if 'domain' in parameter_dict and 'public-ipv4' in parameter_dict:
    if 'domain' in parameter_dict:
    try:
    fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], '/')
    parameter_dict['domain'], '/')
    except requests.exceptions.InvalidURL:
    # ignore slaves to which connection is impossible by default
    continue
    ......@@ -1117,7 +1120,6 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    ......@@ -1192,7 +1194,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    def getInstanceParameterDict(cls):
    return {
    'domain': 'example.com',
    'public-ipv4': cls._ipv4_address,
    'port': HTTPS_PORT,
    'plain_http_port': HTTP_PORT,
    'kedifa_port': KEDIFA_PORT,
    ......@@ -1246,18 +1247,26 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'backend-connect-timeout': 10,
    'backend-connect-retries': 5,
    'request-timeout': 15,
    'strict-transport-security': '200',
    'strict-transport-security-sub-domains': True,
    'strict-transport-security-preload': True,
    },
    'server-alias': {
    'url': cls.backend_url,
    'server-alias': 'alias1.example.com alias2.example.com',
    'strict-transport-security': '200',
    },
    'server-alias-empty': {
    'url': cls.backend_url,
    'server-alias': '',
    'strict-transport-security': '200',
    'strict-transport-security-sub-domains': True,
    },
    'server-alias-wildcard': {
    'url': cls.backend_url,
    'server-alias': '*.alias1.example.com',
    'strict-transport-security': '200',
    'strict-transport-security-preload': True,
    },
    'server-alias-duplicated': {
    'url': cls.backend_url,
    ......@@ -1701,7 +1710,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    def test_empty(self):
    parameter_dict = self.assertSlaveBase('empty')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    der2pem(result.peercert))
    ......@@ -1709,7 +1718,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    httplib.FOUND,
    result_http.status_code
    ......@@ -1722,7 +1731,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    # check that 404 is as configured
    result_missing = fakeHTTPSResult(
    'forsuredoesnotexists.example.com', parameter_dict['public-ipv4'], '')
    'forsuredoesnotexists.example.com', '')
    self.assertEqual(httplib.NOT_FOUND, result_missing.status_code)
    self.assertEqual(
    """<html>
    ......@@ -1806,7 +1815,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    'warning-list': [
    "slave url ' %s ' has been converted to '%s'" % (
    ......@@ -1816,7 +1824,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={
    'Timeout': '10', # more than default backend-connect-timeout == 5
    ......@@ -1828,6 +1836,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.certificate_pem,
    der2pem(result.peercert))
    self.assertNotIn('Strict-Transport-Security', result.headers)
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
    try:
    ......@@ -1878,7 +1887,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    log_regexp)
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -1956,7 +1965,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    # 4. check that you can access this backend via frontend
    # (so it means that auth to backend worked)
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={
    'Timeout': '10', # more than default backend-connect-timeout == 5
    ......@@ -2045,7 +2054,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    # 4. check that you can access this backend via frontend
    # (so it means that auth to backend worked)
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={
    'Timeout': '10', # more than default backend-connect-timeout == 5
    ......@@ -2074,7 +2083,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('auth-to-backend-backend-ignore')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={
    'Timeout': '10', # more than default backend-connect-timeout == 5
    ......@@ -2103,7 +2112,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -2130,7 +2139,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    'warning-list': [
    "slave url ' %s ' has been converted to '%s'" % (
    ......@@ -2140,7 +2148,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result_compressed = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={
    'Accept-Encoding': 'gzip',
    ......@@ -2162,7 +2170,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result_not_compressed = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={
    'Accept-Encoding': 'gzip',
    ......@@ -2183,7 +2191,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    'warning-list': [
    "slave url ' %s ' has been converted to '%s'" % (
    ......@@ -2192,7 +2199,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={
    'Accept-Encoding': 'gzip',
    ......@@ -2224,7 +2231,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://url.example.com',
    'site_url': 'http://url.example.com',
    'secure_access': 'https://url.example.com',
    'public-ipv4': self._ipv4_address,
    },
    parameter_dict
    )
    ......@@ -2248,7 +2254,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('type-zope-path')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -2268,7 +2274,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('type-zope-default-path')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], '')
    parameter_dict['domain'], '')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -2290,29 +2296,35 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('server-alias')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    self.certificate_pem,
    der2pem(result.peercert))
    self.assertEqual(
    'max-age=200', result.headers['Strict-Transport-Security'])
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
    result = fakeHTTPSResult(
    'alias1.example.com', parameter_dict['public-ipv4'],
    'alias1.example.com',
    'test-path/deep/.././deeper')
    self.assertEqual(
    self.certificate_pem,
    der2pem(result.peercert))
    self.assertEqual(
    'max-age=200', result.headers['Strict-Transport-Security'])
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
    result = fakeHTTPSResult(
    'alias2.example.com', parameter_dict['public-ipv4'],
    'alias2.example.com',
    'test-path/deep/.././deeper')
    self.assertEqual(
    'max-age=200', result.headers['Strict-Transport-Security'])
    self.assertEqual(
    self.certificate_pem,
    der2pem(result.peercert))
    ......@@ -2321,7 +2333,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('server-alias-empty')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={
    'Timeout': '10', # more than default backend-connect-timeout == 5
    ......@@ -2333,6 +2345,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.certificate_pem,
    der2pem(result.peercert))
    self.assertEqual(
    'max-age=200; includeSubDomains',
    result.headers['Strict-Transport-Security'])
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
    try:
    ......@@ -2360,28 +2375,33 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://serveraliaswildcard.example.com',
    'site_url': 'http://serveraliaswildcard.example.com',
    'secure_access': 'https://serveraliaswildcard.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    der2pem(result.peercert))
    self.assertEqual(
    'max-age=200; preload',
    result.headers['Strict-Transport-Security'])
    self.assertEqualResultJson(result, 'Path', '/test-path')
    result = fakeHTTPSResult(
    'wild.alias1.example.com', parameter_dict['public-ipv4'], 'test-path')
    'wild.alias1.example.com', 'test-path')
    self.assertEqual(
    self.certificate_pem,
    der2pem(result.peercert))
    self.assertEqual(
    'max-age=200; preload',
    result.headers['Strict-Transport-Security'])
    self.assertEqualResultJson(result, 'Path', '/test-path')
    def test_server_alias_duplicated(self):
    ......@@ -2395,14 +2415,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://serveraliasduplicated.example.com',
    'site_url': 'http://serveraliasduplicated.example.com',
    'secure_access': 'https://serveraliasduplicated.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -2411,7 +2430,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqualResultJson(result, 'Path', '/test-path')
    result = fakeHTTPSResult(
    'alias3.example.com', parameter_dict['public-ipv4'], 'test-path')
    'alias3.example.com', 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -2431,14 +2450,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://alias4.example.com',
    'site_url': 'http://alias4.example.com',
    'secure_access': 'https://alias4.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -2464,7 +2482,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'site_url': 'http://customdomainsslcrtsslkeysslcacrt.example.com',
    'secure_access':
    'https://customdomainsslcrtsslkeysslcacrt.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    ......@@ -2488,7 +2505,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.runKedifaUpdater()
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.customdomain_ca_certificate_pem,
    ......@@ -2516,7 +2533,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'site_url': 'http://sslcacrtonly.example.com',
    'secure_access':
    'https://sslcacrtonly.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    ......@@ -2549,7 +2565,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'site_url': 'http://sslcacrtgarbage.example.com',
    'secure_access':
    'https://sslcacrtgarbage.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    ......@@ -2575,7 +2590,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.runKedifaUpdater()
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    ca_certificate_pem,
    ......@@ -2604,7 +2619,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'site_url': 'http://sslcacrtdoesnotmatch.example.com',
    'secure_access':
    'https://sslcacrtdoesnotmatch.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    ......@@ -2626,7 +2640,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.runKedifaUpdater()
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -2646,7 +2660,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('https-only')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -2656,7 +2670,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqualResultJson(result_http, 'Path', '/test-path/deeper')
    ......@@ -2674,14 +2688,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -2702,14 +2715,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -2718,7 +2730,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqualResultJson(result, 'Path', '/test-path')
    result = fakeHTTPSResult(
    'mycustomdomainserveralias1.example.com', parameter_dict['public-ipv4'],
    'mycustomdomainserveralias1.example.com',
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -2738,14 +2750,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://*.customdomain.example.com',
    'site_url': 'http://*.customdomain.example.com',
    'secure_access': 'https://*.customdomain.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    'wild.customdomain.example.com', parameter_dict['public-ipv4'],
    'wild.customdomain.example.com',
    'test-path')
    self.assertEqual(
    ......@@ -2768,7 +2779,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    ......@@ -2789,7 +2799,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.runKedifaUpdater()
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.customdomain_certificate_pem,
    ......@@ -2801,7 +2811,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('type-zope')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -2822,7 +2832,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -2841,7 +2851,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'type-zope-prefer-gzip-encoding-to-backend-https-only')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -2863,7 +2873,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqualResultJson(
    ......@@ -2875,7 +2885,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={'Accept-Encoding': 'gzip, deflate'})
    ......@@ -2900,7 +2910,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'gzip', result.json()['Incoming Headers']['accept-encoding'])
    result = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={'Accept-Encoding': 'gzip, deflate'})
    ......@@ -2919,7 +2929,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'type-zope-prefer-gzip-encoding-to-backend')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -2941,7 +2951,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -2956,7 +2966,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={'Accept-Encoding': 'gzip, deflate'})
    ......@@ -2981,7 +2991,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'gzip', result.json()['Incoming Headers']['accept-encoding'])
    result = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={'Accept-Encoding': 'gzip, deflate'})
    ......@@ -3001,7 +3011,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'type-zope-virtualhostroot-http-port')
    result = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqualResultJson(
    result,
    ......@@ -3015,7 +3025,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'type-zope-virtualhostroot-https-port')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -3041,14 +3051,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path',
    HTTPS_PORT)
    ......@@ -3059,7 +3068,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqualResultJson(result, 'Path', '/test-path')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test/terminals/websocket/test',
    HTTPS_PORT)
    ......@@ -3069,14 +3078,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqualResultJson(result, 'Path', '/terminals/websocket')
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    def test_type_websocket(self):
    parameter_dict = self.assertSlaveBase(
    'type-websocket')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
    parameter_dict['domain'], 'test-path',
    headers={'Connection': 'Upgrade'})
    self.assertEqual(
    ......@@ -3099,14 +3108,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    self.assertTrue('x-real-ip' in j['Incoming Headers'])
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    def test_type_websocket_websocket_transparent_false(self):
    parameter_dict = self.assertSlaveBase(
    'type-websocket-websocket-transparent-false')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
    parameter_dict['domain'], 'test-path',
    headers={'Connection': 'Upgrade'})
    self.assertEqual(
    ......@@ -3132,14 +3141,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    self.assertFalse('x-real-ip' in j['Incoming Headers'])
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    def test_type_websocket_websocket_path_list(self):
    parameter_dict = self.assertSlaveBase(
    'type-websocket-websocket-path-list')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
    parameter_dict['domain'], 'test-path',
    headers={'Connection': 'Upgrade'})
    self.assertEqual(
    ......@@ -3152,7 +3161,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    '/test-path'
    )
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    try:
    j = result.json()
    except Exception:
    ......@@ -3161,7 +3170,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertTrue('x-real-ip' in j['Incoming Headers'])
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'ws/test-path',
    parameter_dict['domain'], 'ws/test-path',
    headers={'Connection': 'Upgrade'})
    self.assertEqualResultJson(
    ......@@ -3170,7 +3179,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    '/ws/test-path'
    )
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    try:
    j = result.json()
    except Exception:
    ......@@ -3183,7 +3192,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertTrue('x-real-ip' in j['Incoming Headers'])
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'with%20space/test-path', headers={'Connection': 'Upgrade'})
    self.assertEqualResultJson(
    ......@@ -3192,7 +3201,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    '/with%20space/test-path'
    )
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    try:
    j = result.json()
    except Exception:
    ......@@ -3210,7 +3219,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'type-websocket-websocket-path-list-websocket-transparent-false')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
    parameter_dict['domain'], 'test-path',
    headers={'Connection': 'Upgrade'})
    self.assertEqual(
    ......@@ -3223,7 +3232,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    '/test-path'
    )
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    try:
    j = result.json()
    except Exception:
    ......@@ -3235,7 +3244,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertFalse('x-real-ip' in j['Incoming Headers'])
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'ws/test-path',
    parameter_dict['domain'], 'ws/test-path',
    headers={'Connection': 'Upgrade'})
    self.assertEqualResultJson(
    ......@@ -3244,7 +3253,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    '/ws/test-path'
    )
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    try:
    j = result.json()
    except Exception:
    ......@@ -3259,7 +3268,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertFalse('x-real-ip' in j['Incoming Headers'])
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'with%20space/test-path', headers={'Connection': 'Upgrade'})
    self.assertEqualResultJson(
    ......@@ -3268,7 +3277,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    '/with%20space/test-path'
    )
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    try:
    j = result.json()
    except Exception:
    ......@@ -3298,14 +3307,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://typeeventsource.nginx.example.com',
    'site_url': 'http://typeeventsource.nginx.example.com',
    'secure_access': 'https://typeeventsource.nginx.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'pub',
    parameter_dict['domain'], 'pub',
    # NGINX_HTTPS_PORT
    )
    ......@@ -3335,7 +3343,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('type-redirect')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -3365,14 +3373,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -3404,14 +3411,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'http://sslproxyverifysslproxycacrtunverified.example.com',
    'secure_access':
    'https://sslproxyverifysslproxycacrtunverified.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -3423,7 +3429,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    httplib.FOUND,
    ......@@ -3440,7 +3446,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('ssl-proxy-verify_ssl_proxy_ca_crt')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -3462,7 +3468,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    httplib.FOUND,
    ......@@ -3479,7 +3485,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('ssl-proxy-verify-unverified')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -3507,14 +3513,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'http://enablecachesslproxyverifysslproxycacrtunverified.example.com',
    'secure_access':
    'https://enablecachesslproxyverifysslproxycacrtunverified.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -3527,7 +3532,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deeper')
    self.assertEqual(
    ......@@ -3546,7 +3551,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -3580,7 +3585,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'enable_cache-ssl-proxy-verify-unverified')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -3607,14 +3612,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'http://typezopesslproxyverifysslproxycacrtunverified.example.com',
    'secure_access':
    'https://typezopesslproxyverifysslproxycacrtunverified.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -3626,7 +3630,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    httplib.FOUND,
    ......@@ -3644,7 +3648,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'type-zope-ssl-proxy-verify_ssl_proxy_ca_crt')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -3665,7 +3669,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    httplib.FOUND,
    ......@@ -3683,7 +3687,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'type-zope-ssl-proxy-verify-unverified')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -3698,7 +3702,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('monitor-ipv6-test')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -3707,7 +3711,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    httplib.FOUND,
    result_http.status_code
    ......@@ -3735,7 +3739,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('monitor-ipv4-test')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -3744,7 +3748,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    httplib.FOUND,
    result_http.status_code
    ......@@ -3773,7 +3777,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('ciphers')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -3782,7 +3786,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    httplib.FOUND,
    ......@@ -3816,14 +3820,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper', headers={
    'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
    'revalidate=3600, stale-if-error=3600'})
    ......@@ -3865,7 +3868,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('enable_cache_server_alias')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper', headers={
    'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
    'revalidate=3600, stale-if-error=3600'})
    ......@@ -3904,7 +3907,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result = fakeHTTPResult(
    'enablecacheserveralias1.example.com', parameter_dict['public-ipv4'],
    'enablecacheserveralias1.example.com',
    'test-path/deep/.././deeper', headers={
    'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
    'revalidate=3600, stale-if-error=3600'})
    ......@@ -3924,7 +3927,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    source_ip = '127.0.0.1'
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper', headers={
    'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
    'revalidate=3600, stale-if-error=3600',
    ......@@ -4073,7 +4076,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    def checkResult(status_code, body):
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], path,
    parameter_dict['domain'], path,
    source_ip=source_ip
    )
    self.assertEqual(result.status_code, status_code)
    ......@@ -4118,7 +4121,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    source_ip = '127.0.0.1'
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper', headers={
    'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
    'revalidate=3600, stale-if-error=3600',
    ......@@ -4169,7 +4172,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.stopServerProcess()
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper', headers={
    'X-Reply-Header-Cache-Control': 'max-age=1',
    },
    ......@@ -4185,7 +4188,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    # check that timeout seen by ATS does not result in many queries done
    # to the backend and that next request works like a charm
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test_enable_cache_ats_timeout', headers={
    'Timeout': '15',
    'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
    ......@@ -4252,7 +4255,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    # the result is available immediately after
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper', headers={
    'X-Reply-Header-Cache-Control': 'max-age=1, stale-while-'
    'revalidate=3600, stale-if-error=3600'})
    ......@@ -4264,7 +4267,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'enable_cache-disable-no-cache-request')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
    parameter_dict['domain'], 'test-path',
    headers={'Pragma': 'no-cache', 'Cache-Control': 'something'})
    self.assertEqual(
    ......@@ -4312,7 +4315,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('enable_cache-disable-via-header')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -4353,7 +4356,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('enable-http2-false')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -4381,13 +4384,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    def test_enable_http2_default(self):
    parameter_dict = self.assertSlaveBase('enable-http2-default')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -4415,14 +4418,14 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    self.assertTrue(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    def test_prefer_gzip_encoding_to_backend_https_only(self):
    parameter_dict = self.assertSlaveBase(
    'prefer-gzip-encoding-to-backend-https-only')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={'Accept-Encoding': 'gzip, deflate'})
    ......@@ -4438,7 +4441,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'gzip', result.json()['Incoming Headers']['accept-encoding'])
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={'Accept-Encoding': 'deflate'})
    ......@@ -4450,7 +4453,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'deflate', result.json()['Incoming Headers']['accept-encoding'])
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -4460,13 +4463,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
    result = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={'Accept-Encoding': 'gzip, deflate'})
    ......@@ -4479,7 +4482,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'gzip', result.json()['Incoming Headers']['accept-encoding'])
    result = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={'Accept-Encoding': 'deflate'})
    ......@@ -4492,13 +4495,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'deflate', result.json()['Incoming Headers']['accept-encoding'])
    result = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
    result = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
    ......@@ -4508,7 +4511,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'prefer-gzip-encoding-to-backend')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={'Accept-Encoding': 'gzip, deflate'})
    ......@@ -4524,7 +4527,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'gzip', result.json()['Incoming Headers']['accept-encoding'])
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={'Accept-Encoding': 'deflate'})
    ......@@ -4536,7 +4539,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'deflate', result.json()['Incoming Headers']['accept-encoding'])
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -4546,13 +4549,13 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
    result = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={'Accept-Encoding': 'gzip, deflate'})
    ......@@ -4567,7 +4570,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={'Accept-Encoding': 'deflate'})
    ......@@ -4582,7 +4585,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -4596,7 +4599,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    )
    result = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -4613,7 +4616,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('disabled-cookie-list')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
    parameter_dict['domain'], 'test-path',
    cookies=dict(
    Chocolate='absent',
    Vanilia='absent',
    ......@@ -4635,17 +4638,21 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('url_https-url')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    self.certificate_pem,
    der2pem(result.peercert))
    self.assertEqual(
    'max-age=200; includeSubDomains; preload',
    result.headers['Strict-Transport-Security'])
    self.assertEqualResultJson(result, 'Path', '/https/test-path/deeper')
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper')
    self.assertEqual(
    ......@@ -4653,6 +4660,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    result_http.status_code
    )
    self.assertNotIn('Strict-Transport-Security', result_http.headers)
    self.assertEqual(
    'https://urlhttpsurl.example.com:%s/test-path/deeper' % (HTTP_PORT,),
    result_http.headers['Location']
    ......@@ -4675,7 +4684,6 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    def getInstanceParameterDict(cls):
    return {
    'domain': 'example.com',
    'public-ipv4': cls._ipv4_address,
    '-frontend-quantity': 2,
    '-sla-2-computer_guid': cls.slap._computer_id,
    '-frontend-2-state': 'stopped',
    ......@@ -4705,14 +4713,13 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://replicate.example.com',
    'site_url': 'http://replicate.example.com',
    'secure_access': 'https://replicate.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -4721,7 +4728,7 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqualResultJson(result, 'Path', '/test-path')
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqualResultJson(result_http, 'Path', '/test-path')
    # prove 2nd frontend by inspection of the instance
    ......@@ -4743,7 +4750,6 @@ class TestReplicateSlaveOtherDestroyed(SlaveHttpFrontendTestCase):
    def getInstanceParameterDict(cls):
    return {
    'domain': 'example.com',
    'public-ipv4': cls._ipv4_address,
    '-frontend-quantity': 2,
    '-sla-2-computer_guid': cls.slap._computer_id,
    '-frontend-2-state': 'destroyed',
    ......@@ -4783,7 +4789,6 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase,
    def getInstanceParameterDict(cls):
    return {
    'domain': 'example.com',
    'public-ipv4': cls._ipv4_address,
    'enable-http2-by-default': 'false',
    'port': HTTPS_PORT,
    'plain_http_port': HTTP_PORT,
    ......@@ -4820,14 +4825,13 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase,
    'site_url': 'http://enablehttp2default.example.com',
    'secure_access':
    'https://enablehttp2default.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    def test_enable_http2_false(self):
    parameter_dict = self.parseSlaveParameterDict('enable-http2-false')
    ......@@ -4841,14 +4845,13 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase,
    'site_url': 'http://enablehttp2false.example.com',
    'secure_access':
    'https://enablehttp2false.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    def test_enable_http2_true(self):
    parameter_dict = self.parseSlaveParameterDict('enable-http2-true')
    ......@@ -4862,14 +4865,13 @@ class TestEnableHttp2ByDefaultFalseSlave(SlaveHttpFrontendTestCase,
    'site_url': 'http://enablehttp2true.example.com',
    'secure_access':
    'https://enablehttp2true.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    self.assertTrue(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase,
    ......@@ -4878,7 +4880,6 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase,
    def getInstanceParameterDict(cls):
    return {
    'domain': 'example.com',
    'public-ipv4': cls._ipv4_address,
    'port': HTTPS_PORT,
    'plain_http_port': HTTP_PORT,
    'kedifa_port': KEDIFA_PORT,
    ......@@ -4914,14 +4915,13 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase,
    'site_url': 'http://enablehttp2default.example.com',
    'secure_access':
    'https://enablehttp2default.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    self.assertTrue(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    def test_enable_http2_false(self):
    parameter_dict = self.parseSlaveParameterDict('enable-http2-false')
    ......@@ -4935,14 +4935,13 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase,
    'site_url': 'http://enablehttp2false.example.com',
    'secure_access':
    'https://enablehttp2false.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    def test_enable_http2_true(self):
    parameter_dict = self.parseSlaveParameterDict('enable-http2-true')
    ......@@ -4957,13 +4956,12 @@ class TestEnableHttp2ByDefaultDefaultSlave(SlaveHttpFrontendTestCase,
    'site_url': 'http://enablehttp2true.example.com',
    'secure_access':
    'https://enablehttp2true.example.com',
    'public-ipv4': self._ipv4_address,
    },
    parameter_dict
    )
    self.assertTrue(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    class TestRe6stVerificationUrlDefaultSlave(SlaveHttpFrontendTestCase,
    ......@@ -5002,7 +5000,6 @@ class TestRe6stVerificationUrlDefaultSlave(SlaveHttpFrontendTestCase,
    'url': 'http://default.None',
    'site_url': 'http://default.None',
    'secure_access': 'https://default.None',
    'public-ipv4': 'None',
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    ......@@ -5057,7 +5054,6 @@ class TestRe6stVerificationUrlSlave(SlaveHttpFrontendTestCase,
    'url': 'http://default.None',
    'site_url': 'http://default.None',
    'secure_access': 'https://default.None',
    'public-ipv4': 'None',
    },
    parameter_dict
    )
    ......@@ -5078,59 +5074,6 @@ class TestRe6stVerificationUrlSlave(SlaveHttpFrontendTestCase,
    )
    @skip('Impossible to instantiate cluster with stopped partition')
    class TestDefaultMonitorHttpdPort(SlaveHttpFrontendTestCase, TestDataMixin):
    @classmethod
    def getInstanceParameterDict(cls):
    return {
    '-frontend-1-state': 'stopped',
    'port': HTTPS_PORT,
    'plain_http_port': HTTP_PORT,
    'kedifa_port': KEDIFA_PORT,
    'caucase_port': CAUCASE_PORT,
    }
    @classmethod
    def runKedifaUpdater(cls):
    return
    @classmethod
    def getSlaveParameterDictDict(cls):
    return {
    'test': {
    'url': cls.backend_url,
    },
    'testcached': {
    'url': cls.backend_url,
    'enable_cache': True,
    },
    }
    def test(self):
    parameter_dict = self.parseSlaveParameterDict('test')
    self.assertKeyWithPop('log-access-url', parameter_dict)
    self.assertKedifaKeysWithPop(parameter_dict)
    self.assertEqual(
    {
    'domain': 'test.None', 'replication_number': '1',
    'url': 'http://test.None', 'site_url': 'http://test.None',
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    'secure_access': 'https://test.None', 'public-ipv4': 'None'},
    parameter_dict
    )
    master_monitor_conf = open(os.path.join(
    self.instance_path, 'T-0', 'etc',
    'monitor-httpd.conf')).read()
    slave_monitor_conf = open(os.path.join(
    self.instance_path, 'T-2', 'etc',
    'monitor-httpd.conf')).read()
    self.assertTrue(
    'Listen [%s]:8196' % (self._ipv6_address,) in master_monitor_conf)
    self.assertTrue(
    'Listen [%s]:8072' % (self._ipv6_address,) in slave_monitor_conf)
    class TestSlaveGlobalDisableHttp2(TestSlave):
    @classmethod
    def getInstanceParameterDict(cls):
    ......@@ -5151,14 +5094,13 @@ class TestSlaveGlobalDisableHttp2(TestSlave):
    'site_url': 'http://enablehttp2default.example.com',
    'secure_access':
    'https://enablehttp2default.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -5186,7 +5128,7 @@ class TestSlaveGlobalDisableHttp2(TestSlave):
    )
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    class TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2(
    ......@@ -5211,14 +5153,13 @@ class TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2(
    'site_url': 'http://enablehttp2true.example.com',
    'secure_access':
    'https://enablehttp2true.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    class TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2(
    ......@@ -5243,14 +5184,13 @@ class TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2(
    'site_url': 'http://enablehttp2true.example.com',
    'secure_access':
    'https://enablehttp2true.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    def test_enable_http2_default(self):
    parameter_dict = self.parseSlaveParameterDict('enable-http2-default')
    ......@@ -5264,14 +5204,13 @@ class TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2(
    'site_url': 'http://enablehttp2default.example.com',
    'secure_access':
    'https://enablehttp2default.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    self.assertFalse(
    isHTTP2(parameter_dict['domain'], parameter_dict['public-ipv4']))
    isHTTP2(parameter_dict['domain']))
    class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
    ......@@ -5294,7 +5233,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
    def getInstanceParameterDict(cls):
    return {
    'domain': 'example.com',
    'public-ipv4': cls._ipv4_address,
    'apache-certificate': cls.certificate_pem,
    'apache-key': cls.key_pem,
    'port': HTTPS_PORT,
    ......@@ -5326,14 +5264,13 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -5356,7 +5293,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
    self.runKedifaUpdater()
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    certificate_pem,
    ......@@ -5433,7 +5370,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    def getInstanceParameterDict(cls):
    return {
    'domain': 'example.com',
    'public-ipv4': cls._ipv4_address,
    'apache-certificate': cls.certificate_pem,
    'apache-key': cls.key_pem,
    'port': HTTPS_PORT,
    ......@@ -5599,14 +5535,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -5627,14 +5562,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -5661,7 +5595,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    self.runKedifaUpdater()
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    certificate_pem,
    ......@@ -5683,7 +5617,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    'warning-list': [
    'ssl_crt is obsolete, please use key-upload-url',
    ......@@ -5694,7 +5627,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.ssl_from_slave_certificate_pem,
    ......@@ -5716,7 +5649,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    'warning-list': [
    'ssl_crt is obsolete, please use key-upload-url',
    ......@@ -5727,7 +5659,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.ssl_from_slave_kedifa_overrides_certificate_pem,
    ......@@ -5755,7 +5687,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    self.runKedifaUpdater()
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    certificate_pem,
    ......@@ -5776,14 +5708,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
    parameter_dict['domain'], 'test-path',
    HTTPS_PORT)
    self.assertEqual(
    ......@@ -5805,14 +5736,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
    parameter_dict['domain'], 'test-path',
    HTTPS_PORT)
    self.assertEqual(
    ......@@ -5841,7 +5771,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    self.runKedifaUpdater()
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
    parameter_dict['domain'], 'test-path',
    HTTPS_PORT)
    self.assertEqual(
    ......@@ -5863,7 +5793,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    'warning-list': [
    'ssl_crt is obsolete, please use key-upload-url',
    ......@@ -5874,7 +5803,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
    parameter_dict['domain'], 'test-path',
    HTTPS_PORT)
    self.assertEqual(
    ......@@ -5896,7 +5825,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    'warning-list': [
    'ssl_crt is obsolete, please use key-upload-url',
    ......@@ -5907,7 +5835,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
    parameter_dict['domain'], 'test-path',
    HTTPS_PORT)
    self.assertEqual(
    ......@@ -5936,7 +5864,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    self.runKedifaUpdater()
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
    parameter_dict['domain'], 'test-path',
    HTTPS_PORT)
    self.assertEqual(
    ......@@ -5960,7 +5888,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    'warning-list': ['ssl_key is obsolete, please use key-upload-url',
    'ssl_crt is obsolete, please use key-upload-url']
    ......@@ -5969,7 +5896,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.customdomain_certificate_pem,
    ......@@ -5990,7 +5917,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    'site_url': 'http://customdomainsslcrtsslkeysslcacrt.example.com',
    'secure_access':
    'https://customdomainsslcrtsslkeysslcacrt.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    'warning-list': [
    'ssl_ca_crt is obsolete, please use key-upload-url',
    ......@@ -6002,7 +5928,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.customdomain_ca_certificate_pem,
    ......@@ -6046,7 +5972,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    self.slap.waitForInstance()
    self.runKedifaUpdater()
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    customdomain_ca_certificate_pem,
    ......@@ -6079,7 +6005,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    'site_url': 'http://sslcacrtgarbage.example.com',
    'secure_access':
    'https://sslcacrtgarbage.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    'warning-list': [
    'ssl_ca_crt is obsolete, please use key-upload-url',
    ......@@ -6090,7 +6015,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.sslcacrtgarbage_ca_certificate_pem,
    ......@@ -6111,7 +6036,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    'site_url': 'http://sslcacrtdoesnotmatch.example.com',
    'secure_access':
    'https://sslcacrtdoesnotmatch.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    'warning-list': [
    'ssl_ca_crt is obsolete, please use key-upload-url',
    ......@@ -6123,7 +6047,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -6175,7 +6099,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
    'apache-certificate': cls.certificate_pem,
    'apache-key': cls.key_pem,
    })
    cls.instance_parameter_dict['public-ipv4'] = cls._ipv4_address
    return cls.instance_parameter_dict
    @classmethod
    ......@@ -6225,14 +6148,13 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -6257,7 +6179,7 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
    self.runKedifaUpdater()
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    certificate_pem,
    ......@@ -6271,7 +6193,6 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
    def getInstanceParameterDict(cls):
    return {
    'domain': 'example.com',
    'public-ipv4': cls._ipv4_address,
    'port': HTTPS_PORT,
    'plain_http_port': HTTP_PORT,
    'kedifa_port': KEDIFA_PORT,
    ......@@ -6320,7 +6241,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('default_ciphers')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -6329,7 +6250,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqual(httplib.OK, result.status_code)
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(httplib.FOUND, result_http.status_code)
    configuration_file = glob.glob(
    ......@@ -6346,7 +6267,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
    parameter_dict = self.assertSlaveBase('own_ciphers')
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -6355,7 +6276,7 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqual(httplib.OK, result.status_code)
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(httplib.FOUND, result_http.status_code)
    configuration_file = glob.glob(
    ......@@ -6379,7 +6300,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
    def getInstanceParameterDict(cls):
    return {
    'domain': 'example.com',
    'public-ipv4': cls._ipv4_address,
    'port': HTTPS_PORT,
    'plain_http_port': HTTP_PORT,
    'kedifa_port': KEDIFA_PORT,
    ......@@ -6541,8 +6461,8 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
    'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    'domain': 'example.com',
    'accepted-slave-amount': '7',
    'rejected-slave-amount': '24',
    'accepted-slave-amount': '5',
    'rejected-slave-amount': '26',
    'slave-amount': '31',
    'rejected-slave-dict': {
    '_HTTPS-URL': ['slave https-url "https://[fd46::c2ae]:!py!u\'123123\'"'
    ......@@ -6575,6 +6495,10 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
    '_BAD-BACKEND': [
    "slave https-url 'http://host.domain:badport' invalid",
    "slave url 'http://1:2:3:4' invalid"],
    '_VIRTUALHOSTROOT-HTTP-PORT-UNSAFE': [
    "Wrong virtualhostroot-http-port '${section:option}'"],
    '_VIRTUALHOSTROOT-HTTPS-PORT-UNSAFE': [
    "Wrong virtualhostroot-https-port '${section:option}'"],
    '_EMPTY-BACKEND': [
    "slave https-url '' invalid",
    "slave url '' invalid"],
    ......@@ -6659,14 +6583,13 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
    'url': 'http://serveraliassame.example.com',
    'site_url': 'http://serveraliassame.example.com',
    'secure_access': 'https://serveraliassame.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -6711,60 +6634,27 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
    def test_virtualhostroot_http_port_unsafe(self):
    parameter_dict = self.parseSlaveParameterDict(
    'VIRTUALHOSTROOT-HTTP-PORT-UNSAFE')
    self.assertLogAccessUrlWithPop(parameter_dict)
    self.assertKedifaKeysWithPop(parameter_dict)
    self.assertEqual(
    {
    'domain': 'virtualhostroothttpportunsafe.example.com',
    'replication_number': '1',
    'url': 'http://virtualhostroothttpportunsafe.example.com',
    'site_url': 'http://virtualhostroothttpportunsafe.example.com',
    'secure_access':
    'https://virtualhostroothttpportunsafe.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    'request-error-list': [
    "Wrong virtualhostroot-http-port '${section:option}'"
    ]
    },
    parameter_dict
    )
    result = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    self.assertEqual(httplib.FOUND, result.status_code)
    def test_virtualhostroot_https_port_unsafe(self):
    parameter_dict = self.parseSlaveParameterDict(
    'VIRTUALHOSTROOT-HTTPS-PORT-UNSAFE')
    self.assertLogAccessUrlWithPop(parameter_dict)
    self.assertKedifaKeysWithPop(parameter_dict)
    self.assertEqual(
    {
    'domain': 'virtualhostroothttpsportunsafe.example.com',
    'replication_number': '1',
    'url': 'http://virtualhostroothttpsportunsafe.example.com',
    'site_url': 'http://virtualhostroothttpsportunsafe.example.com',
    'secure_access':
    'https://virtualhostroothttpsportunsafe.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    'request-error-list': [
    "Wrong virtualhostroot-https-port '${section:option}'"
    ]
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    der2pem(result.peercert))
    self.assertEqualResultJson(
    result,
    'Path',
    '/VirtualHostBase/https//virtualhostroothttpsportunsafe'
    '.example.com:0//VirtualHostRoot/test-path'
    )
    def default_path_unsafe(self):
    parameter_dict = self.parseSlaveParameterDict('DEFAULT-PATH-UNSAFE')
    self.assertLogAccessUrlWithPop(parameter_dict)
    ......@@ -6776,14 +6666,13 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
    'url': 'http://defaultpathunsafe.example.com',
    'site_url': 'http://defaultpathunsafe.example.com',
    'secure_access': 'https://defaultpathunsafe.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], '')
    parameter_dict['domain'], '')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -6811,14 +6700,13 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
    'url': 'http://monitoripv4testunsafe.example.com',
    'site_url': 'http://monitoripv4testunsafe.example.com',
    'secure_access': 'https://monitoripv4testunsafe.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -6827,7 +6715,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
    self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(httplib.FOUND, result_http.status_code)
    monitor_file = glob.glob(
    ......@@ -6856,14 +6744,13 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
    'url': 'http://monitoripv6testunsafe.example.com',
    'site_url': 'http://monitoripv6testunsafe.example.com',
    'secure_access': 'https://monitoripv6testunsafe.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(
    self.certificate_pem,
    ......@@ -6872,7 +6759,7 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
    self.assertEqual(httplib.SERVICE_UNAVAILABLE, result.status_code)
    result_http = fakeHTTPResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    parameter_dict['domain'], 'test-path')
    self.assertEqual(httplib.FOUND, result_http.status_code)
    monitor_file = glob.glob(
    ......@@ -6899,7 +6786,6 @@ class TestSlaveRejectReportUnsafeDamaged(SlaveHttpFrontendTestCase):
    'url': 'http://duplicate.example.com',
    'site_url': 'http://duplicate.example.com',
    'secure_access': 'https://duplicate.example.com',
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict
    ......@@ -6986,7 +6872,6 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
    def getInstanceParameterDict(cls):
    return {
    'domain': 'example.com',
    'public-ipv4': cls._ipv4_address,
    'port': HTTPS_PORT,
    'plain_http_port': HTTP_PORT,
    'kedifa_port': KEDIFA_PORT,
    ......@@ -7025,7 +6910,6 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict_wildcard
    ......@@ -7041,14 +6925,13 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
    'url': 'http://%s.example.com' % (hostname, ),
    'site_url': 'http://%s.example.com' % (hostname, ),
    'secure_access': 'https://%s.example.com' % (hostname, ),
    'public-ipv4': self._ipv4_address,
    'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
    },
    parameter_dict_specific
    )
    result_wildcard = fakeHTTPSResult(
    'other.alias1.example.com', parameter_dict_wildcard['public-ipv4'],
    'other.alias1.example.com',
    'test-path',
    headers={
    'Timeout': '10', # more than default backend-connect-timeout == 5
    ......@@ -7059,7 +6942,7 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqualResultJson(result_wildcard, 'Path', '/wildcard/test-path')
    result_specific = fakeHTTPSResult(
    'zspecific.alias1.example.com', parameter_dict_specific['public-ipv4'],
    'zspecific.alias1.example.com',
    'test-path',
    headers={
    'Timeout': '10', # more than default backend-connect-timeout == 5
    ......@@ -7124,13 +7007,13 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
    'enable-http2-by-default': True,
    'global-disable-http2': True,
    'mpm-graceful-shutdown-timeout': 2,
    'public-ipv4': '255.255.255.255',
    're6st-verification-url': 're6st-verification-url',
    'backend-connect-timeout': 2,
    'backend-connect-retries': 1,
    'ciphers': 'ciphers',
    'request-timeout': 100,
    'authenticate-to-backend': True,
    'strict-transport-security': 200,
    # specific parameters
    '-frontend-config-1-ram-cache-size': '512K',
    '-frontend-config-2-ram-cache-size': '256K',
    ......@@ -7225,11 +7108,11 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
    u'mpm-graceful-shutdown-timeout': u'2',
    u'plain_http_port': '11080',
    u'port': '11443',
    u'public-ipv4': u'255.255.255.255',
    u'ram-cache-size': u'512K',
    u're6st-verification-url': u're6st-verification-url',
    u'request-timeout': u'100',
    u'slave-kedifa-information': u'{}'
    u'slave-kedifa-information': u'{}',
    u'strict-transport-security': u'200'
    },
    'caddy-frontend-2': {
    'X-software_release_url': self.frontend_2_sr,
    ......@@ -7253,11 +7136,11 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
    u'mpm-graceful-shutdown-timeout': u'2',
    u'plain_http_port': u'11080',
    u'port': u'11443',
    u'public-ipv4': u'255.255.255.255',
    u'ram-cache-size': u'256K',
    u're6st-verification-url': u're6st-verification-url',
    u'request-timeout': u'100',
    u'slave-kedifa-information': u'{}'
    u'slave-kedifa-information': u'{}',
    u'strict-transport-security': u'200'
    },
    'caddy-frontend-3': {
    'X-software_release_url': self.frontend_3_sr,
    ......@@ -7281,10 +7164,10 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
    u'mpm-graceful-shutdown-timeout': u'2',
    u'plain_http_port': u'11080',
    u'port': u'11443',
    u'public-ipv4': u'255.255.255.255',
    u're6st-verification-url': u're6st-verification-url',
    u'request-timeout': u'100',
    u'slave-kedifa-information': u'{}'
    u'slave-kedifa-information': u'{}',
    u'strict-transport-security': u'200'
    },
    'kedifa': {
    'X-software_release_url': self.kedifa_sr,
    ......@@ -7326,12 +7209,12 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
    'mpm-graceful-shutdown-timeout': '2',
    'plain_http_port': '11080',
    'port': '11443',
    'public-ipv4': '255.255.255.255',
    're6st-verification-url': 're6st-verification-url',
    'request-timeout': '100',
    'root_instance_title': 'testing partition 0',
    'slap_software_type': 'RootSoftwareInstance',
    'slave_instance_list': []
    'slave_instance_list': [],
    'strict-transport-security': '200'
    }
    }
    self.assertEqual(
    ......@@ -7345,7 +7228,6 @@ class TestSlaveBackendActiveCheck(SlaveHttpFrontendTestCase, TestDataMixin):
    def getInstanceParameterDict(cls):
    return {
    'domain': 'example.com',
    'public-ipv4': cls._ipv4_address,
    'port': HTTPS_PORT,
    'plain_http_port': HTTP_PORT,
    'kedifa_port': KEDIFA_PORT,
    ......@@ -7434,7 +7316,7 @@ backend _backend-active-check-default-http
    self._get_backend_haproxy_configuration()
    )
    result = fakeHTTPSResult(
    parameter_dict['domain'], parameter_dict['public-ipv4'],
    parameter_dict['domain'],
    'test-path/deep/.././deeper',
    headers={
    'Timeout': '10', # more than default backend-connect-timeout == 5
    ......
    software/erp5/test/test/test_balancer.py
    View file @ 25ce84fc
    ......@@ -145,7 +145,15 @@ class BalancerTestCase(ERP5InstanceTestCase):
    # XXX what is this ? should probably not be needed here
    'name': cls.__name__,
    'monitor-passwd': 'secret',
    'apachedex-configuration': '--erp5-base +erp5 .*/VirtualHostRoot/erp5(/|\\?|$) --base +other / --skip-user-agent Zabbix --error-detail --js-embed --quiet',
    'apachedex-configuration': [
    '--logformat', '%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i" %{ms}T',
    '--erp5-base', '+erp5', '.*/VirtualHostRoot/erp5(/|\\?|$)',
    '--base', '+other', '/',
    '--skip-user-agent', 'Zabbix',
    '--error-detail',
    '--js-embed',
    '--quiet',
    ],
    'apachedex-promise-threshold': 100,
    'haproxy-server-check-path': '/',
    'zope-family-dict': {
    ......
    software/jupyter/buildout.hash.cfg
    View file @ 25ce84fc
    ......@@ -23,7 +23,7 @@ md5sum = 9340498841caa5771f40f8c9e561eacd
    [jupyter-notebook-config]
    filename = jupyter_notebook_config.py.jinja
    md5sum = 6e01da7d35c1d65d4a450b0f011b296d
    md5sum = 089e4c511a3c7b110471bf41ca2695a4
    [erp5-kernel]
    filename = ERP5kernel.py
    ......
    software/jupyter/jupyter_notebook_config.py.jinja
    View file @ 25ce84fc
    ......@@ -10,5 +10,12 @@ c = get_config()
    c.NotebookApp.password = passwd("{{ password }}")
    os.environ['PATH'] = "{{ gcc_location }}/bin" + os.pathsep + os.environ['PATH']
    os.environ['PYTHONPATH'] = "{{ cythonplus_repository }}" + os.pathsep + os.environ['PYTHONPATH']
    try:
    os.environ['PATH'] = "{{ gcc_location }}/bin" + os.pathsep + os.environ['PATH']
    except KeyError:
    os.environ['PATH'] = "{{ gcc_location }}/bin"
    try:
    os.environ['PYTHONPATH'] = "{{ cythonplus_repository }}" + os.pathsep + os.environ['PYTHONPATH']
    except KeyError:
    os.environ['PYTHONPATH'] = "{{ cythonplus_repository }}"
    software/slapos-master/buildout.hash.cfg
    View file @ 25ce84fc
    ......@@ -14,11 +14,11 @@
    # not need these here).
    [template-erp5]
    filename = instance-erp5.cfg.in
    md5sum = 2ef0ddc206c6b0982a37cfc21f23e423
    md5sum = 4d0839e359c98ba3cd516903b72f798b
    [template-balancer]
    filename = instance-balancer.cfg.in
    md5sum = 4998e62351f54700ee23a2ca8cd89329
    md5sum = 9c67c77eab5195b2674e340fb44c48a2
    [template-apache-backend-conf]
    filename = apache-backend.conf.in
    ......
    software/slapos-master/instance-balancer.cfg.in
    View file @ 25ce84fc
    ......@@ -259,14 +259,24 @@ command = ${monitor-generate-apachedex-report-wrapper:wrapper-path}
    [monitor-generate-apachedex-report-wrapper]
    recipe = slapos.cookbook:wrapper
    wrapper-path = ${directory:bin}/${:command}
    command-line = "{{ parameter_dict['run-apachedex-location'] }}" "{{ parameter_dict['apachedex-location'] }}" "${directory:apachedex}" ${monitor-publish-parameters:monitor-base-url}/private/apachedex --apache-log-list "${apachedex-parameters:apache-log-list}" --configuration "${apachedex-parameters:configuration}"
    command-line = "{{ parameter_dict['run-apachedex-location'] }}" "{{ parameter_dict['apachedex-location'] }}" "${directory:apachedex}" ${monitor-publish-parameters:monitor-base-url}/private/apachedex --apache-log-list "${apachedex-parameters:apache-log-list}" --configuration ${apachedex-parameters:configuration}
    command = generate-apachedex-report
    [monitor-apachedex-report-config]
    recipe = slapos.recipe.template:jinja2
    rendered = ${directory:etc}/${:_buildout_section_name_}
    template = inline:
    {% for line in slapparameter_dict['apachedex-configuration'] %}
    {# apachedex config files use shlex.split, so we need to quote the arguments. #}
    {# BBB: in python 3 we can use shlex.quote instead. #}
    {{ repr(line.encode('utf-8')) }}
    {% endfor %}
    [apachedex-parameters]
    # XXX - Sample log file with curent date: apache_access.log-%(date)s.gz
    # which will be equivalent to apache_access.log-20150112.gz if the date is 2015-01-12
    apache-log-list = ${apache-conf-parameter-dict:access-log}
    configuration = {{ slapparameter_dict['apachedex-configuration'] }}
    configuration = ${monitor-apachedex-report-config:rendered}
    promise-threshold = {{ slapparameter_dict['apachedex-promise-threshold'] }}
    [{{ section('monitor-promise-apachedex-result') }}]
    ......
    software/slapos-master/instance-erp5.cfg.in
    View file @ 25ce84fc
    ......@@ -374,8 +374,17 @@ config-shared-certificate-authority-path = ${directory:ca-dir}
    config-backend-path-dict = {{ dumps(zope_backend_path_dict) }}
    config-ssl-authentication-dict = {{ dumps(ssl_authentication_dict) }}
    config-apachedex-promise-threshold = {{ dumps(monitor_dict.get('apachedex-promise-threshold', 70)) }}
    config-apachedex-configuration = {{ dumps(monitor_dict.get('apachedex-configuration',
    '--erp5-base +erp5 .*/VirtualHostRoot/erp5(/|\\?|$) --base +other / --skip-user-agent Zabbix --error-detail --js-embed --quiet')) }}
    config-apachedex-configuration = {{
    dumps(
    monitor_dict.get(
    'apachedex-configuration',
    [
    '--erp5-base', '+erp5', '.*/VirtualHostRoot/erp5(/|\\?|$)',
    '--base', '+other', '/',
    '--skip-user-agent', 'Zabbix',
    '--error-detail',
    '--js-embed',
    '--quiet'])) }}
    [request-frontend-base]
    {% if has_frontend -%}
    ......
    stack/erp5/buildout.cfg
    View file @ 25ce84fc
    ......@@ -623,7 +623,7 @@ zope.app.publication = 3.14.0
    zope.app.testing = 3.8.1
    # Pinned versions
    APacheDEX = 1.6.2
    APacheDEX = 1.8
    Pillow = 6.2.2
    Products.CMFActionIcons = 2.1.3
    Products.DCWorkflowGraph = 0.4.1
    ......
    stack/erp5/buildout.hash.cfg
    View file @ 25ce84fc
    ......@@ -74,7 +74,7 @@ md5sum = b5ac16fdeed8863e465e955ba6d1e12a
    [template-erp5]
    filename = instance-erp5.cfg.in
    md5sum = edfd681e3a477855a581f8d01c717a92
    md5sum = 548d99118afa736e5a7c428b0c8ed560
    [template-zeo]
    filename = instance-zeo.cfg.in
    ......@@ -86,7 +86,7 @@ md5sum = c03f93f95333e6a61b857dcfab7f9c0e
    [template-balancer]
    filename = instance-balancer.cfg.in
    md5sum = 4a119083eab1eadbaf44468eb4f3381f
    md5sum = 8ad9137310ae0403d433bb3c0d93be9f
    [template-haproxy-cfg]
    filename = haproxy.cfg.in
    ......
    stack/erp5/instance-balancer.cfg.in
    View file @ 25ce84fc
    ......@@ -360,12 +360,22 @@ command = ${monitor-generate-apachedex-report-wrapper:wrapper-path}
    [monitor-generate-apachedex-report-wrapper]
    recipe = slapos.cookbook:wrapper
    wrapper-path = ${directory:bin}/${:command}
    command-line = "{{ parameter_dict['run-apachedex-location'] }}" "{{ parameter_dict['apachedex-location'] }}" "${directory:apachedex}" ${monitor-publish-parameters:monitor-base-url}/private/apachedex --apache-log-list "${apachedex-parameters:apache-log-list}" --configuration "${apachedex-parameters:configuration}"
    command-line = "{{ parameter_dict['run-apachedex-location'] }}" "{{ parameter_dict['apachedex-location'] }}" "${directory:apachedex}" ${monitor-publish-parameters:monitor-base-url}/private/apachedex --apache-log-list "${apachedex-parameters:apache-log-list}" --configuration ${apachedex-parameters:configuration}
    command = generate-apachedex-report
    [monitor-apachedex-report-config]
    recipe = slapos.recipe.template:jinja2
    rendered = ${directory:etc}/${:_buildout_section_name_}
    template = inline:
    {% for line in slapparameter_dict['apachedex-configuration'] %}
    {# apachedex config files use shlex.split, so we need to quote the arguments. #}
    {# BBB: in python 3 we can use shlex.quote instead. #}
    {{ repr(line.encode('utf-8')) }}
    {% endfor %}
    [apachedex-parameters]
    apache-log-list = ${rsyslogd-cfg-parameter-dict:access-log-file}
    configuration = {{ slapparameter_dict['apachedex-configuration'] }}
    configuration = ${monitor-apachedex-report-config:rendered}
    promise-threshold = {{ slapparameter_dict['apachedex-promise-threshold'] }}
    [{{ section('monitor-promise-apachedex-result') }}]
    ......
    stack/erp5/instance-erp5.cfg.in
    View file @ 25ce84fc
    ......@@ -350,8 +350,18 @@ config-name = ${:name}
    config-backend-path-dict = {{ dumps(zope_backend_path_dict) }}
    config-ssl-authentication-dict = {{ dumps(ssl_authentication_dict) }}
    config-apachedex-promise-threshold = {{ dumps(monitor_dict.get('apachedex-promise-threshold', 70)) }}
    config-apachedex-configuration = {{ dumps(monitor_dict.get('apachedex-configuration',
    '--erp5-base +erp5 .*/VirtualHostRoot/erp5(/|\\?|$) --base +other / --skip-user-agent Zabbix --error-detail --js-embed --quiet')) }}
    config-apachedex-configuration = {{
    dumps(
    monitor_dict.get(
    'apachedex-configuration',
    [
    '--logformat', '%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i" %{ms}T',
    '--erp5-base', '+erp5', '.*/VirtualHostRoot/erp5(/|\\?|$)',
    '--base', '+other', '/',
    '--skip-user-agent', 'Zabbix',
    '--error-detail',
    '--js-embed',
    '--quiet'])) }}
    [request-frontend-base]
    {% if has_frontend -%}
    ......
    stack/slapos.cfg
    View file @ 25ce84fc
    ......@@ -142,7 +142,7 @@ zc.recipe.egg = 2.0.3+slapos003
    # Use own version of h.r.download to be able to open .xz and .lz archives
    hexagonit.recipe.download = 1.7.post4
    Jinja2 = 2.9.5
    Jinja2 = 2.11.2
    Importing = 1.10
    MarkupSafe = 1.0
    PyYAML = 3.13
    ......@@ -200,7 +200,7 @@ slapos.rebootstrap = 4.5
    slapos.recipe.build = 0.46
    slapos.recipe.cmmi = 0.16
    slapos.recipe.template = 4.5
    slapos.toolbox = 0.112
    slapos.toolbox = 0.115
    stevedore = 1.21.0
    subprocess32 = 3.5.3
    unicodecsv = 0.14.1
    ......
    update-rc
    View file @ 25ce84fc
    #!/bin/bash
    set -e
    # Go to master
    git checkout master
    # Clean up 1.0
    git branch -D 1.0 || echo
    # Checkout 1.0
    git checkout 1.0
    git checkout origin/1.0 -b 1.0
    # Reset and Clean
    git reset --hard origin/1.0
    ......
    Markdown is supported
    0% or
    You are about to add 0 people to the discussion. Proceed with caution.
    Finish editing this message first!
    Please register or to comment
    GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7