Update Release Candidate

e36bc39c · Thomas Gambier · 75f350ea · f93bb882 · e36bc39c · e36bc39c
Commit e36bc39c authored Jan 12, 2023 by Thomas Gambier 🚴🏼
167 changed files
--- a/component/ceph/buildout.cfg
+++ b/component/ceph/buildout.cfg
@@ -35,6 +35,11 @@ recipe = slapos.recipe.build
 shared = true
 pyyaml = ${pyyaml-download:target}
 pyaml = ${pyaml-download:target}
+init =
+  # add the python executable in the options dict so that
+  # buildout signature changes if python executable changes
+  import sys
+  options['python-executable'] = sys.executable
 install =
  import os, sys

--- a/component/golang/buildout.cfg
+++ b/component/golang/buildout.cfg
@@ -48,11 +48,20 @@ md5sum = dbf727a4b0e365bf88d97cbfde590016
 environment-extra =
 # build Go without testing it
 # NOTE go1.4 does not have build cache
-make-targets= cd src && unset GOBIN && ./make.bash && cp -alf .. ${:location}
+setarch =
+make-targets= cd src && unset GOBIN && ${:setarch} ./make.bash && cp -alf .. ${:location}
+# go1.4 is used for bootstrap and does not support CGO
+environment-extra =
+  CGO_ENABLED=0
 # skip-chown-tests.patch does not apply to go1.4, but we don't run go1.4 tests.
 patches =
+# go1.4 does not have support for arm64 - build it in arm32 mode
+[golang14:platform.machine() == 'aarch64']
+setarch = setarch arm
 [golang1.12]
 <= golang-common

--- a/component/haproxy/buildout.cfg
+++ b/component/haproxy/buildout.cfg
@@ -13,8 +13,8 @@ parts = haproxy
 [haproxy]
 recipe = slapos.recipe.cmmi
 shared = true
-url = http://www.haproxy.org/download/2.0/src/haproxy-2.0.29.tar.gz
+url = http://www.haproxy.org/download/2.6/src/haproxy-2.6.7.tar.gz
-md5sum = a4c4983c7ed51946bdde1d0eceedd527
+md5sum = cfa36413f2bc5187ab34ffcdf71914d4
 configure-command = true
 # for Linux kernel 2.6.28 and above, we use "linux-glibc" as the TARGET,
 # otherwise use "generic".
@@ -22,22 +22,43 @@ configure-command = true
 # CPU is generic, and not native, as in SlapOS software released are
 # distributed in binary form, which may lead to incompatibility of such
 # compilation optimisation across various CPUs
+TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux-glibc || echo generic)"
+CPU=generic
+ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')"
+# By default haproxy is build w/o QUIC support
+SSL_INC=${openssl:location}/include
+SSL_LIB=${openssl:location}/lib
+SSL_ADDLIB=-Wl,-rpath=${openssl:location}/lib
+QUIC=
 make-options =
-  TARGET="$(uname -sr 2>/dev/null|grep -Eq '^Linux (2\.6\.2[89]|2\.6\.[3-9]|[3-9])' && echo linux-glibc || echo generic)"
+  TARGET=${:TARGET}
-  CPU=generic
+  CPU=${:CPU}
-  ARCH="$(uname -m 2>/dev/null|grep -E '^(x86_64|i[3456]86)$')"
+  ARCH=${:ARCH}
  PREFIX=@@LOCATION@@
  USE_DL=1
  USE_LUA=1
  LUA_INC=${lua:location}/include
  LUA_LIB=${lua:location}/lib
  USE_OPENSSL=1
-  SSL_INC=${openssl:location}/include
+  SSL_INC=${:SSL_INC}
-  SSL_LIB=${openssl:location}/lib
+  SSL_LIB=${:SSL_LIB}
+  ${:QUIC}
  USE_PCRE=1
  USE_ZLIB=1
  ZLIB_INC=${zlib:location}/include
  ZLIB_LIB=${zlib:location}/lib
-  ADDLIB="-Wl,-rpath=${openssl:location}/lib -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib"
+  ADDLIB="${:SSL_ADDLIB} -Wl,-rpath=${pcre:location}/lib -Wl,-rpath=${zlib:location}/lib"
 environment =
  PATH=${pcre:location}/bin:%(PATH)s
+[haproxy-quic]
+<= haproxy
+SSL_INC=${openssl-quictls:location}/include
+SSL_LIB=${openssl-quictls:location}/lib
+SSL_ADDLIB=-Wl,-rpath=${openssl-quictls:location}/lib
+QUIC=USE_QUIC=1
--- a/component/jupyter-py2/buildout.cfg
+++ b/component/jupyter-py2/buildout.cfg
 [buildout]
-extends = 
+extends =
  buildout.hash.cfg
  ../../stack/slapos.cfg
  ../openssl/buildout.cfg
@@ -62,48 +62,26 @@ context =
 [versions]
 Pygments = 2.2.0
-astor = 0.5
-backports-abc = 0.5
-backports.shutil-get-terminal-size = 1.0.0
 ipykernel = 4.5.2
 ipython = 5.3.0
-ipython-genutils = 0.1.0
-ipywidgets = 6.0.0
 jupyter-client = 5.0.0
 jupyter-core = 4.3.0
-jupyterlab = 0.26.3
-jupyterlab-launcher = 0.3.1
-matplotlib = 2.1.2
 mistune = 0.7.3
 nbformat = 4.3.0
 notebook = 4.4.1
 prompt-toolkit = 1.0.13
-ptyprocess = 0.5.1
 pyzmq = 16.0.2
 scikit-learn = 0.18.1
-seaborn = 0.7.1
-simplegeneric = 0.8.1
 statsmodels = 0.8.0
 terminado = 0.6
 tornado = 4.4.2
-widgetsnbextension = 2.0.0
+traitlets = 4.3.3
 # nbconvert 4.2.0 depends on entrypoints egg that is not available as tar/zip source.
 nbconvert = 4.1.0
 pathlib2 = 2.2.1
 patsy = 0.4.1
 pexpect = 4.2.1
-pickleshare = 0.7.4
 scandir = 1.5
-singledispatch = 3.4.0.3
 wcwidth = 0.1.7
-jupyter = 1.0.0
 jupyter-console = 5.1.0
-qtconsole = 4.3.0
-et-xmlfile = 1.0.1
-h5py = 2.7.1
-mpmath = 1.0.0
-openpyxl = 2.5.2
-sympy = 1.1.1
-xlrd = 1.1.0
-jdcal = 1.4
--- a/component/jupyter/buildout.cfg
+++ b/component/jupyter/buildout.cfg
@@ -63,24 +63,24 @@ setup-eggs =
  ${numpy:egg}
  ${python-pyzmq:egg}
  ${ipython:egg}
-scripts = 
+scripts =
  jupyter-kernelspec
  pythonjupyter
  jupyter
  jupyter-trust
-  jupyter-nbconvert
  jupyter-console
  jupyter-migrate
  jupyter-troubleshoot
  jupyter-run
 [jupyter-notebook-initialized-scripts]
 recipe = zc.recipe.egg:scripts
 eggs = ${jupyter:eggs}
 environment = jupyter-env
-scripts = 
+scripts =
+  jupyter-nbconvert
  jupyter-nbextension
  jupyter-notebook
  jupyter-serverextension

--- a/component/libiconv/buildout.cfg
+++ b/component/libiconv/buildout.cfg
 [buildout]
-extends =
-  ../patch/buildout.cfg
 parts =
  libiconv
 [libiconv]
-patch-binary = ${patch:location}/bin/patch
-patch-options = -p1
-patches =
-  ${:_profile_base_location_}/libiconv.gets.patch#8a20d8afe0617fce56f77537d2b84621
 recipe = slapos.recipe.cmmi
 shared = true
-url = http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.14.tar.gz
+url = http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.17.tar.gz
-md5sum = e34509b1623cec449dfeb73d7ce9c6c6
+md5sum = d718cd5a59438be666d1575855be72c3
--- a/component/libiconv/libiconv.gets.patch
+++ b/component/libiconv/libiconv.gets.patch
--- libiconv-1.14.orig/srclib/stdio.in.h        2011-08-07 13:42:06.000000000 +0000
-+++ libiconv-1.14/srclib/stdio.in.h     2013-01-09 19:56:21.115819812 +0000
-@@ -680,22 +680,7 @@
- #endif
- #if @GNULIB_GETS@
-# if @REPLACE_STDIO_READ_FUNCS@ && @GNULIB_STDIO_H_NONBLOCKING@
-#  if !(defined __cplusplus && defined GNULIB_NAMESPACE)
-#   undef gets
-#   define gets rpl_gets
-#  endif
-_GL_FUNCDECL_RPL (gets, char *, (char *s) _GL_ARG_NONNULL ((1)));
-_GL_CXXALIAS_RPL (gets, char *, (char *s));
-# else
-_GL_CXXALIAS_SYS (gets, char *, (char *s));
-#  undef gets
-# endif
-_GL_CXXALIASWARN (gets);
-/* It is very rare that the developer ever has full control of stdin,
-   so any use of gets warrants an unconditional warning.  Assume it is
-   always declared, since it is required by C89.  */
-_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
-+#undef gets
- #endif
--- a/component/openssl/buildout.cfg
+++ b/component/openssl/buildout.cfg
@@ -46,6 +46,11 @@ make-targets =
 environment =
  PERL=${perl:location}/bin/perl
+[openssl-quictls]
+<= openssl
+url = https://github.com/quictls/openssl/archive/refs/tags/OpenSSL_1_1_1s+quic1.tar.gz
+md5sum = 8ee8e1828879e2b527eca5dcc7923769
 [openssl-output]
 # Shared binary location to ease migration
 recipe = plone.recipe.command

--- a/component/python3/buildout.cfg
+++ b/component/python3/buildout.cfg
@@ -18,7 +18,7 @@ parts =
    python3
 [python3]
-<= python3.8
+<= python3.9
 [python3-common]
 recipe = slapos.recipe.cmmi

--- a/component/selenium/buildout.cfg
+++ b/component/selenium/buildout.cfg
+[buildout]
+parts =
+  selenium
+[selenium]
+recipe = zc.recipe.egg
+egg = selenium
+# patch to support python3.9
+selenium-patches = https://github.com/SeleniumHQ/selenium/commit/ddd163b681776292a72c39352581cf5c9d4f88f4.patch#c801fade1cd2019c063a0f0ef7cca3fe
+selenium-patch-options = -p2
+[versions]
+selenium = 3.141.0+SlapOSPatched001
--- a/component/theia/buildout.cfg
+++ b/component/theia/buildout.cfg
@@ -38,6 +38,7 @@ environment =
  PATH=${nodejs:location}/bin:${pkgconfig:location}/bin:${python3:location}/bin:%(PATH)s
  PKG_CONFIG_PATH=${libsecret:pkg-config-path}
  LDFLAGS=-Wl,-rpath=${libsecret:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${glib:location}/lib
+  NODE_OPTIONS=--max_old_space_size=4096
 pre-configure =
  mkdir -p $TMPDIR
  echo '${package.json:content}' > %(location)s/package.json

--- a/component/xorg/buildout.cfg
+++ b/component/xorg/buildout.cfg
@@ -97,8 +97,8 @@ environment =
 [xcbproto]
 recipe = slapos.recipe.cmmi
 shared = true
-url = https://xcb.freedesktop.org/dist/xcb-proto-1.13.tar.bz2
+url = https://xcb.freedesktop.org/dist/xcb-proto-1.15.1.tar.gz
-md5sum = abe9aa4886138150bbc04ae4f29b90e3
+md5sum = 3ee98337cda244996fab03df47e09df8
 environment =
  PATH=${libxml2:location}/bin:%(PATH)s
  PYTHON=${buildout:executable}

--- a/software/beremiz-runtime/software.cfg
+++ b/software/beremiz-runtime/software.cfg
@@ -7,7 +7,7 @@ extends =
  ../../stack/monitor/buildout.cfg
  ../../stack/slapos.cfg
-parts = 
+parts =
  beremiz-source
  slapos-cookbook
  instance-profile
@@ -95,7 +95,6 @@ Automat = 0.3.0
 zope.interface = 4.4.2
 Nevow = 0.14.5
 PyHamcrest = 2.0.2
-Pygments = 2.9.0
 Pyro = 3.16
 bitarray = 2.1.3
 constantly = 15.1.0
@@ -103,7 +102,6 @@ future = 0.18.2
 hyperlink = 21.0.0
 incremental = 21.3.0
 pathlib = 1.0.1
-prompt-toolkit = 3.0.19
 zeroconf-py2compat = 0.19.10
 # Required by:

--- a/software/caddy-frontend/CHANGES.caddy_frontend.rst
+++ b/software/caddy-frontend/CHANGES.caddy_frontend.rst
-Changes
-=======
-Here are listed the most important changes, which might affect upgrades.
-1.0.XXX (XXXX-XX-XX)
--------------------
- * fix: exposed log file names are stabilised
- * feature: in case of not found instance more information are provided
- * feature: telemetry is fully disabled
- * feature: Apache Traffic Server 8.0 is used
- * feature: backend-haproxy statistic for haproxy's frontend is available
- * fix: slave publication has been fixed in case of mixed case slave reference
- * feature: running test/test.py resolves with starting backend used in tests
- * fix: automatic caucase-updater usage has been fixed
- * fix/workaround: reconnect to backend-haproxy from Caddy and Apache Traffic Server
- * fix/feature: use explicitly Apache Traffic Server simulation of stale-if-error, as in reality Apache Traffic Server does not support it
- * feature: dropped not used parameters
- * feature: Strict-Transport-Security aka HSTS
- * fix: use kedifa with with for file with multiple CAs
- * feature: support query string (the characters after ? in the url) in url and https-url
- * fix: by having unique acl names fix rare bug of directing traffic to https-url instead of url or otherwise
- * feature: failover backend
-1.0.164 (2020-09-24)
--------------------
- * feature: serve a stale result up to 1 day if the origin server is down
- * feature: request real frontend for slave introspection (aka log access)
- * fix: Kedifa reloading, it was resulting with kedifa server disallowing access after some time
- * feature: allow to set software release for each node, instead for the whole cluster
- * fix: haproxy matches correct hostname in case of wildcards, instead of using wildcard host instead of the specific one
-1.0.160 (2020-08-25)
--------------------
- * haproxy updated from 2.0.15 to 2.0.17 in order to fix issue while accessing inaccessible backends
-1.0.159 (2020-07-30)
--------------------
- * logs are ensured to be available in slave's ``log-access-url``
- * logs from backend Haproxy are also available to slaves
-1.0.158 (2020-07-24)
--------------------
- * manual customisation of profiles has been dropped, as not used, dropped keys are ``apache_custom_http``, ``apache_custom_https``, ``caddy_custom_http``, ``caddy_custom_https`` from slaves and ``-frontend-authorized-slave-string`` from master
- * ``re6st-optimal-test`` has been dropped from slave
- * QUIC is dropped, as was not used and has been superseded by HTTP/3, dropped key is ``enable-quic`` from master
- * haproxy is used as a gateway to backends:
-   * ``automatic-internal-backend-client-caucase-csr`` switch for master is introduced to control it CSR signing
-   * ``proxy-try-duration`` and ``proxy-try-interval`` has been dropped, as Caddy is not used anymore to connect to the backend, and instead ``backend-connect-timeout`` and ``backend-connect-retries`` is used, as it comes from Haproxy
-   * ``backend-client-caucase-url`` is returned in master and slave, so that backends can use caucase to fetch CA from frontend cluster
-   * ``request-timeout`` is supported per slave, as now it became possible
-   * ``authenticate-to-backend`` is added for master and slave, defaulting to False, to have control over cluster default authentication, and make it possible to do it per slave
-1.0.149 (2020-05-05)
--------------------
- * no changes noted
--- a/software/caddy-frontend/templates/Caddyfile.in
+++ b/software/caddy-frontend/templates/Caddyfile.in
-import {{ slave_configuration_directory }}/*.conf
-:{{ https_port }} {
-  tls {{ master_certificate }} {{ master_certificate }} {
-    # Allow http2
-    alpn h2 http/1.1
-  }
-  bind {{ local_ipv4 }}
-  status 404 /
-  log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
-    rotate_size 10000000
-  }
-  errors {{ error_log }} {
-    rotate_size 10000000
-    * {{ not_found_file }}
-  }
-}
-:{{ http_port }} {
-  bind {{ local_ipv4 }}
-  status 404 /
-  log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
-    rotate_size 10000000
-  }
-  errors {{ error_log }} {
-    rotate_size 10000000
-    * {{ not_found_file }}
-  }
-}
-# Access to server-status Caddy-style
-https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status {
-  tls {{ frontend_configuration['ip-access-certificate'] }} {{ frontend_configuration['ip-access-certificate'] }} {
-    # Allow http2
-    alpn h2 http/1.1
-  }
-  bind {{ local_ipv4 }}
-  basicauth "{{ username }}" {{ password | trim }} {
-    "Server Status"
-    /
-  }
-  expvar
-  pprof
-  log / {{ access_log }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
-    rotate_size 10000000
-  }
-  errors {{ error_log }} {
-    rotate_size 10000000
-    * {{ not_found_file }}
-  }
-}
--- a/software/erp5/test/test/__init__.py
+++ b/software/erp5/test/test/__init__.py
 ##############################################################################
 #
-# Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved.
+# Copyright (c) 2022 Nexedi SA and Contributors. All Rights Reserved.
 #
 # WARNING: This program as such is intended to be used by professional
 # programmers who take the whole responsibility of assessing all potential
@@ -25,8 +25,10 @@
 #
 ##############################################################################
+import itertools
 import json
 import os
+import sys
 from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
@@ -45,9 +47,138 @@ def setUpModule():
  setup_module_executed = True
-class ERP5InstanceTestCase(SlapOSInstanceTestCase):
+# Metaclass to parameterize our tests.
+# This is a rough adaption of the parameterized package:
+#   https://github.com/wolever/parameterized
+# Consult following note for rationale why we don't use parameterized:
+#   https://lab.nexedi.com/nexedi/slapos/merge_requests/1306
+class ERP5InstanceTestMeta(type):
+  """Adjust ERP5InstanceTestCase instances to be run in several flavours (e.g. NEO/ZEO)
+  Adjustements can be declared via setting the '__test_matrix__' attribute
+  of a test case.
+  A test matrix is a dict which maps the flavoured class name suffix to
+  a tuple of parameters.
+  A parameter is a function which receives the instance_parameter_dict
+  and modifies it in place (therefore no return value is needed).
+  You can use the 'matrix' helper function to construct a test matrix.
+  If .__test_matrix__ is 'None' the test case is ignored.
+  If the test case should be run without any adaptions, you can set
+  .__test_matrix__ to 'matrix((default,))'.
+  """
+  def __new__(cls, name, bases, attrs):
+    base_class = super().__new__(cls, name, bases, attrs)
+    if base_class._isParameterized():
+      cls._parameterize(base_class)
+    return base_class
+  # _isParameterized tells whether class is parameterized.
+  # All classes with 'metaclass=ERP5InstanceTestMeta' are parameterized
+  # except from a class which has been automatically instantiated from
+  # such user class. This exception prevents infinite recursion due to
+  # a parameterized class which tries to parameterize itself again.
+  def _isParameterized(self):
+    return not getattr(self, '.created_by_parametrize', False)
+  # Create multiple test classes from single definition.
+  @classmethod
+  def _parameterize(cls, base_class):
+    mod_dict = sys.modules[base_class.__module__].__dict__
+    for class_name_suffix, parameter_tuple in (base_class.__test_matrix__ or {}).items():
+      parameterized_cls_dict = dict(
+        base_class.__dict__,
+        **{
+          # Avoid infinite loop by a parameterized class which
+          # parameterize itself again and again and..
+          ".created_by_parametrize": True,
+          # Switch
+          #
+          #  .getInstanceParameterDict       to ._test_getInstanceParameterDict
+          #  ._base_getInstanceParameterDict to .getInstanceParameterDict
+          #
+          # so that we could inject base implementation to be called above
+          # user-defined getInstanceParameterDict.
+          "_test_getInstanceParameterDict": base_class.getInstanceParameterDict,
+          "getInstanceParameterDict": cls._getParameterizedInstanceParameterDict(parameter_tuple)
+        }
+      )
+      name = f"{base_class.__name__}_{class_name_suffix}"
+      mod_dict[name] = type(name, (base_class,), parameterized_cls_dict)
+  # _getParameterizedInstanceParameterDict returns a modified version of
+  # a test cases original 'getInstanceParameterDict'. The modified version
+  # applies parameters on the default instance parameters.
+  @staticmethod
+  def _getParameterizedInstanceParameterDict(parameter_tuple):
+    @classmethod
+    def getInstanceParameterDict(cls):
+      instance_parameter_dict = json.loads(
+        cls._test_getInstanceParameterDict().get("_", r"{}")
+      )
+      [p(instance_parameter_dict) for p in parameter_tuple]
+      return {"_": json.dumps(instance_parameter_dict)}
+    return getInstanceParameterDict
+  # Hide tests in unpatched base class: It doesn't make sense to run tests
+  # in original class, because parameters have not been assigned yet.
+  #
+  # We can't simply call 'delattr', because this wouldn't remove
+  # inherited tests. Overriding dir is sufficient, because this is
+  # the way how unittest discovers tests:
+  #   https://github.com/python/cpython/blob/3.11/Lib/unittest/loader.py#L237
+  def __dir__(self):
+    if self._isParameterized():
+      return [attr for attr in super().__dir__() if not attr.startswith('test')]
+    return super().__dir__()
+def matrix(*parameter_tuple):
+  """matrix creates a mapping of test_name -> parameter_tuple.
+  Each provided parameter_tuple won't be combined within itself,
+  but with any other provided parameter_tuple, for instance
+    >>> parameter_tuple0 = (param0, param1)
+    >>> parameter_tuple1 = (param2, param3)
+    >>> matrix(parameter_tuple0, parameter_tuple1)
+  will return all options of (param0 | param1) & (param2 | param3):
+    - param0_param2
+    - param0_param3
+    - param1_param2
+    - param1_param3
+  """
+  return {
+    "_".join([p.__name__ for p in params]): params
+    for params in itertools.product(*parameter_tuple)
+  }
+# Define parameters (function which receives instance params + modifies them).
+#
+# default runs tests without any adaption
+def default(instance_parameter_dict): ...
+def zeo(instance_parameter_dict):
+  instance_parameter_dict['zodb'] = [{"type": "zeo", "server": {}}]
+def neo(instance_parameter_dict):
+   # We don't provide encryption certificates in test runs for the sake
+  # of simplicity. By default SSL is turned on, we need to explicitly
+  # deactivate it:
+  #   https://lab.nexedi.com/nexedi/slapos/blob/a8150a1ac/software/neoppod/instance-neo-input-schema.json#L61-65
+  instance_parameter_dict['zodb'] = [{"type": "neo", "server": {"ssl": False}}]
+class ERP5InstanceTestCase(SlapOSInstanceTestCase, metaclass=ERP5InstanceTestMeta):
  """ERP5 base test case
  """
+  __test_matrix__ = matrix((zeo, neo))  # switch between NEO and ZEO mode
  @classmethod
  def getRootPartitionConnectionParameterDict(cls):
    """Return the output paramters from the root partition"""

--- a/software/erp5/test/test/test_balancer.py
+++ b/software/erp5/test/test/test_balancer.py
@@ -25,7 +25,7 @@ from slapos.testing.testcase import ManagedResource
 from slapos.testing.utils import (CrontabMixin, ManagedHTTPServer,
                                  findFreeTCPPort)
-from . import ERP5InstanceTestCase, setUpModule
+from . import ERP5InstanceTestCase, setUpModule, matrix, default
 setUpModule  # pyflakes
@@ -132,6 +132,12 @@ class CaucaseService(ManagedResource):
 class BalancerTestCase(ERP5InstanceTestCase):
+  # We explicitly specify 'balancer' as our software type here,
+  # therefore we don't request ZODB. We therefore don't
+  # need to run these tests with both NEO and ZEO mode,
+  # it wouldn't make any difference.
+  #   https://lab.nexedi.com/nexedi/slapos/blob/273037c8/stack/erp5/instance.cfg.in#L216-230
+  __test_matrix__ = matrix((default,))
  @classmethod
  def getInstanceSoftwareType(cls):

--- a/software/erp5/test/test/test_erp5.py
+++ b/software/erp5/test/test/test_erp5.py
 ##############################################################################
 #
-# Copyright (c) 2018 Nexedi SA and Contributors. All Rights Reserved.
+# Copyright (c) 2022 Nexedi SA and Contributors. All Rights Reserved.
 #
 # WARNING: This program as such is intended to be used by professional
 # programmers who take the whole responsibility of assessing all potential
@@ -46,7 +46,7 @@ import xmlrpc.client
 import urllib3
 from slapos.testing.utils import CrontabMixin
-from . import ERP5InstanceTestCase, setUpModule
+from . import ERP5InstanceTestCase, setUpModule, matrix, default
 setUpModule # pyflakes
@@ -119,6 +119,7 @@ class TestDefaultParameters(ERP5InstanceTestCase, TestPublishedURLIsReachableMix
  """Test ERP5 can be instantiated with no parameters
  """
  __partition_reference__ = 'defp'
+  __test_matrix__ = matrix((default,))
 class TestMedusa(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin):
@@ -310,6 +311,7 @@ class TestZopeNodeParameterOverride(ERP5InstanceTestCase, TestPublishedURLIsReac
  """Test override zope node parameters
  """
  __partition_reference__ = 'override'
+  __test_matrix__ = matrix((default,))
  @classmethod
  def getInstanceParameterDict(cls):

--- a/software/erp5/test/test/test_mariadb.py
+++ b/software/erp5/test/test/test_mariadb.py
@@ -45,6 +45,9 @@ from slapos.testing.utils import getPromisePluginParameterDict
 from . import ERP5InstanceTestCase
 from . import setUpModule
+from . import matrix
+from . import default
 setUpModule  # pyflakes
@@ -52,6 +55,12 @@ class MariaDBTestCase(ERP5InstanceTestCase):
  """Base test case for mariadb tests.
  """
  __partition_reference__ = 'm'
+  # We explicitly specify 'mariadb' as our software type here,
+  # therefore we don't request ZODB. We therefore don't
+  # need to run these tests with both NEO and ZEO mode,
+  # it wouldn't make any difference.
+  #   https://lab.nexedi.com/nexedi/slapos/blob/273037c8/stack/erp5/instance.cfg.in#L216-230
+  __test_matrix__ = matrix((default,))
  @classmethod
  def getInstanceSoftwareType(cls):

--- a/software/erp5/test/test/test_wcfs.py
+++ b/software/erp5/test/test/test_wcfs.py
-# Copyright (C) 2021  Nexedi SA and Contributors.
+# Copyright (C) 2022  Nexedi SA and Contributors.
 #
 # This program is free software: you can Use, Study, Modify and Redistribute
 # it under the terms of the GNU General Public License version 3, or (at your
@@ -43,6 +43,18 @@ class TestWCFS(ERP5InstanceTestCase, TestPublishedURLIsReachableMixin):
  """
  __partition_reference__ = 'wcfs'
+  # Only run in ZEO mode; don't run with NEO.
+  # Current NEO/py and NEO/go versions have interoperability
+  # issues. Once these issues are fixed the following
+  # lines have to be removed so that test case runs agains NEO.
+  # Please see the following MR for more context:
+  # https://lab.nexedi.com/nexedi/slapos/merge_requests/1283#note_174854
+  @classmethod
+  def setUpClass(cls):
+    if json.loads(cls.getInstanceParameterDict()["_"])['zodb'][0]["type"] == "neo":
+      raise unittest.SkipTest("Not yet fixed WCFS+NEO interoperability issue.")
+    super().setUpClass()
  @classmethod
  def getInstanceParameterDict(cls):
    return {'_': json.dumps({'wcfs': {'enable': True}})}

--- a/software/erp5/upgrade_test/test.py
+++ b/software/erp5/upgrade_test/test.py
@@ -46,7 +46,7 @@ from slapos.testing.testcase import (
  makeModuleSetUpAndTestCaseClass,
 )
-old_software_release_url = 'https://lab.nexedi.com/nexedi/slapos/raw/1.0.167.7/software/erp5/software.cfg'
+old_software_release_url = 'https://lab.nexedi.com/nexedi/slapos/raw/1.0.167.8/software/erp5/software.cfg'
 new_software_release_url = os.path.abspath(
  os.path.join(os.path.dirname(__file__), '..', 'software.cfg'))

--- a/software/jstestnode/software.cfg
+++ b/software/jstestnode/software.cfg
@@ -13,6 +13,7 @@ extends =
  ../../component/nginx/buildout.cfg
  ../../component/openssl/buildout.cfg
  ../../component/curl/buildout.cfg
+  ../../component/selenium/buildout.cfg
  ./buildout.hash.cfg
 parts =
@@ -36,7 +37,7 @@ parts =
 recipe = zc.recipe.egg
 eggs =
  erp5.util
-  selenium
+  ${selenium:egg}
  certifi
  ${lxml-python:egg}
 interpreter = pythonwitheggs
@@ -126,6 +127,3 @@ output = ${buildout:directory}/template-nginx.cfg.in
 [template-runTestSuite]
 <= macro-template
 output = ${buildout:directory}/runTestSuite.in
-[versions]
-selenium = 3.141.0
--- a/software/jupyter/software.cfg
+++ b/software/jupyter/software.cfg
@@ -43,64 +43,3 @@ output = ${buildout:directory}/template.cfg
 [instance-jupyter]
 <= download-file-base
-[versions]
-Pygments = 2.7.2
-astor = 0.5
-async-generator = 1.10
-backports-abc = 0.5
-backports.shutil-get-terminal-size = 1.0.0
-bleach = 3.2.1
-defusedxml = 0.6.0
-entrypoints = 0.3
-ipykernel = 5.3.4:whl
-ipython = 5.3.0
-ipython-genutils = 0.1.0
-ipywidgets = 6.0.0
-jupyter-client = 6.1.7
-jupyter-core = 4.7.0
-jupyterlab = 0.26.3
-jupyterlab-launcher = 0.3.1
-jupyterlab-pygments = 0.1.2
-matplotlib = 2.1.2
-mistune = 0.8.4
-nest-asyncio = 1.4.3
-nbclient = 0.5.1
-nbformat = 5.0.8
-notebook = 6.1.5
-pandocfilters = 1.4.3
-prompt-toolkit = 1.0.13
-ptyprocess = 0.5.1
-pyzmq = 20.0.0
-scikit-learn = 0.20.4
-seaborn = 0.7.1
-simplegeneric = 0.8.1
-statsmodels = 0.11.1
-testpath = 0.4.4
-terminado = 0.9.1
-tornado = 6.1
-traitlets = 5.0.5
-webencodings = 0.5.1
-widgetsnbextension = 2.0.0
-Send2Trash = 1.5.0
-argon2-cffi = 20.1.0
-nbconvert = 6.0.7
-pathlib2 = 2.2.1
-patsy = 0.5.1
-pexpect = 4.8.0
-pickleshare = 0.7.4
-prometheus-client = 0.9.0
-scandir = 1.5
-pytz = 2020.4
-singledispatch = 3.4.0.3
-wcwidth = 0.1.7
-jupyter = 1.0.0
-jupyter-console = 5.1.0
-qtconsole = 4.3.0
-et-xmlfile = 1.0.1
-h5py = 2.7.1
-mpmath = 1.0.0
-openpyxl = 2.5.2
-sympy = 1.1.1
-xlrd = 1.1.0
-jdcal = 1.4
--- a/software/jupyter/test/test.py
+++ b/software/jupyter/test/test.py
@@ -31,6 +31,7 @@ import json
 import os
 import requests
 import sqlite3
+import subprocess
 from slapos.proxy.db_version import DB_VERSION
 from slapos.testing.testcase import makeModuleSetUpAndTestCaseClass
@@ -268,3 +269,67 @@ class TestJupyterCustomAdditional(SelectMixin, InstanceTestCase):
    # clean up the fake master
    r.destroyed()
+class TestIPython(InstanceTestCase):
+  converted_notebook = 'test.nbconvert.ipynb'
+  notebook_filename = 'test.ipynb'
+  test_sentence = 'test'
+  def setUp(self):
+    super().setUp()
+    notebook_source = {
+      "cells": [
+        {
+        "cell_type": "code",
+        "execution_count": None,
+        "metadata": {},
+        "outputs": [],
+        "source": [
+          "import sys\n",
+          "print('" + self.test_sentence + "')"
+        ]
+        }
+      ],
+      "metadata": {},
+      "nbformat": 4,
+      "nbformat_minor": 4
+    }
+    with open(self.notebook_filename, 'w') as notebook:
+      notebook.write(json.dumps(notebook_source))
+  def tearDown(self):
+    os.remove(self.notebook_filename)
+    if os.path.exists(self.converted_notebook):
+      os.remove(self.converted_notebook)
+    super().tearDown()
+  def test(self):
+    conversion_output = subprocess.check_output([
+      os.path.join(
+        self.computer_partition_root_path,
+        'software_release',
+        'bin',
+        'jupyter-nbconvert',
+      ),
+      '--execute',
+      '--to',
+      'notebook',
+      self.notebook_filename,
+    ], stderr=subprocess.STDOUT, text=True)
+    self.assertIn(
+      '[NbConvertApp] Converting notebook %s to notebook' % self.notebook_filename,
+      conversion_output,
+    )
+    self.assertRegex(
+      conversion_output,
+      r'\[NbConvertApp\] Writing \d+ bytes to %s' % self.converted_notebook
+    )
+    self.assertTrue(os.path.exists(self.converted_notebook))
+    with open(self.converted_notebook) as json_result:
+      self.assertEqual(
+        json.loads(json_result.read())['cells'][0]['outputs'][0]['text'][0],
+        self.test_sentence + '\n',
+      )
--- a/software/caddy-frontend/README.caddy_frontend.rst
+++ b/software/caddy-frontend/README.caddy_frontend.rst
-==============
+=========
-Caddy Frontend
+Rapid.CDN
-==============
+=========
-Frontend system using Caddy, based on apache-frontend software release, allowing to rewrite and proxy URLs like myinstance.myfrontenddomainname.com to real IP/URL of myinstance.
+Software release which provides CDN - Content Delivery Network. It has a lot of features like:
-Caddy Frontend works using the master instance / slave instance design. It means that a single main instance of Caddy will be used to act as frontend for many slaves.
+ * provides cluster of exposed nodes in various regions
+ * handles zero knowledge for SSL certificates
-This documentation covers only specific scenarios. Most of the parameters are described in `software.cfg.json <software.cfg.json>`_.
+ * by using concept of SlapOS Master slaves allows user to request frontends with specific configuration
+ * provides various frontend types
-Software type
-=============
-Caddy frontend is available in 4 software types:
-  * ``default`` : The standard way to use the Caddy frontend configuring everything with a few given parameters
-  * ``custom-personal`` : This software type allow each slave to edit its Caddy configuration file
-  * ``default-slave`` : XXX
-  * ``custom-personal-slave`` : XXX
+This documentation is fully minimalistict, as `software.cfg.json <software.cfg.json>`_ contains most of explanations.
 About frontend replication
 ==========================
@@ -40,21 +33,19 @@ For example::
  <parameter id="-frontend-type">custom-personal</parameter>
  <parameter id="-frontend-2-state">stopped</parameter>
  <parameter id="-sla-3-computer_guid">COMP-1234</parameter>
-  <parameter id="-frontend-3-software-release-url">https://lab.nexedi.com/nexedi/slapos/raw/someid/software/caddy-frontend/software.cfg</parameter>
+  <parameter id="-frontend-3-software-release-url">https://lab.nexedi.com/nexedi/slapos/raw/someid/software/rapid-cdn/software.cfg</parameter>
-will request the third frontend on COMP-1234 and with SR https://lab.nexedi.com/nexedi/slapos/raw/someid/software/caddy-frontend/software.cfg. All frontends will be of software type ``custom-personal``. The second frontend will be requested with the state stopped.
+will request the third frontend on COMP-1234 and with SR https://lab.nexedi.com/nexedi/slapos/raw/someid/software/rapid-cdn/software.cfg. All frontends will be of software type ``custom-personal``. The second frontend will be requested with the state stopped.
 *Note*: the way slaves are transformed to a parameter avoid modifying more than 3 lines in the frontend logic.
-**Important NOTE**: The way you ask for slave to a replicate frontend is the same as the one you would use for the software given in "-frontend-quantity". Do not forget to use "replicate" for software type. XXXXX So far it is not possible to do a simple request on a replicate frontend if you do not know the software_guid or other sla-parameter of the master instance. In fact we do not know yet the software type of the "requested" frontends. TO BE IMPLEMENTED
 How to deploy a frontend server
 ===============================
 This is to deploy an entire frontend server with a public IPv4.  If you want to use an already deployed frontend to make your service available via ipv4, switch to the "Example" parts.
-First, you will need to request a "master" instance of Caddy Frontend with:
+First, you will need to request a "master" instance of Rapid.CDN with:
  * A ``domain`` parameter where the frontend will be available
@@ -65,10 +56,10 @@ like::
   <parameter id="domain">moulefrite.org</parameter>
  </instance>
-Then, it is possible to request many slave instances (currently only from slapconsole, UI doesn't work yet) of Caddy Frontend, like::
+Then, it is possible to request many slave instances (currently only from slapconsole, UI doesn't work yet) of Rapid.CDN , like::
  instance = request(
-    software_release=caddy_frontend,
+    software_release=rapid_cdn,
    partition_reference='frontend2',
    shared=True,
    partition_parameter_kw={"url":"https://[1:2:3:4]:1234/someresource"}
@@ -81,11 +72,9 @@ Finally, the slave instance will be accessible from: https://someidentifier.moul
 About SSL and SlapOS Master Zero Knowledge
 ==========================================
-**IMPORTANT**: One Caddy can not serve more than one specific SSL site and be compatible with obsolete browser (i.e.: IE8). See http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
+**IMPORTANT**: Old browsers, like Internet Explorer 8, which do not supporting `SNI <http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI>`_ might not be able to use SSL based endpoints (https).
-SSL keys and certificates are directly send to the frontend cluster in order to follow zero knowledge principle of SlapOS Master.
-*Note*: Until master partition or slave specific certificate is uploaded each slave is served with fallback certificate.  This fallback certificate is self signed, does not match served hostname and results with lack of response on HTTPs.
+*Note*: Until master partition or slave specific certificate is uploaded each slave is served with fallback certificate. This fallback certificate is self signed, does not match served hostname and results with lack of response on HTTPs.
 Obtaining CA for KeDiFa
 -----------------------
@@ -186,11 +175,11 @@ Using the IP given by the Master Instance.  "domain" is a mandatory Parameter.
 port
 ~~~~
-Port used by Caddy. Optional parameter, defaults to 4443.
+Port used by Rapid.CDN. Optional parameter, defaults to 4443.
 plain_http_port
 ~~~~~~~~~~~~~~~
-Port used by Caddy to serve plain http (only used to redirect to https).
+Port used by Rapid.CDN to serve plain http (only used to redirect to https).
 Optional parameter, defaults to 8080.
@@ -247,7 +236,7 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be
 redirected and accessible from the proxy::
  instance = request(
-    software_release=caddy_frontend,
+    software_release=rapid_cdn,
    software_type="RootSoftwareInstance",
    partition_reference='my frontend',
    shared=True,
@@ -265,7 +254,7 @@ https://[1:2:3:4:5:6:7:8]:1234 will be redirected and accessible from the
 proxy::
  instance = request(
-    software_release=caddy_frontend,
+    software_release=rapid_cdn,
    software_type="RootSoftwareInstance",
    partition_reference='my frontend',
    shared=True,
@@ -285,7 +274,7 @@ https://[1:2:3:4:5:6:7:8]:1234/erp5/ will be redirected and accessible from
 the proxy::
  instance = request(
-    software_release=caddy_frontend,
+    software_release=rapid_cdn,
    software_type="RootSoftwareInstance",
    partition_reference='my frontend',
    shared=True,
@@ -304,65 +293,13 @@ Simple Example
 Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
  instance = request(
-    software_release=caddy_frontend,
+    software_release=rapid_cdn,
-    software_type="RootSoftwareInstance",
-    partition_reference='my frontend',
-    shared=True,
-    software_type="custom-personal",
-    partition_parameter_kw={
-        "url":"https://[1:2:3:4:5:6:7:8]:1234",
-Simple Cache Example - XXX - to be written
------------------------------------------
-Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be::
-  instance = request(
-    software_release=caddy_frontend,
-    software_type="RootSoftwareInstance",
-    partition_reference='my frontend',
-    shared=True,
-    software_type="custom-personal",
-    partition_parameter_kw={
-        "url":"https://[1:2:3:4:5:6:7:8]:1234",
-	"domain": "www.example.org",
-	"enable_cache": "True",
-Advanced example - XXX - to be written
--------------------------------------
-Request slave frontend instance using custom apache configuration, willing to use cache and ssl certificates.
-Listening to a custom domain and redirecting to /erp5/ so that
-https://[1:2:3:4:5:6:7:8]:1234/erp5/ will be redirected and accessible from
-the proxy::
-  instance = request(
-    software_release=caddy_frontend,
    software_type="RootSoftwareInstance",
    partition_reference='my frontend',
    shared=True,
    software_type="custom-personal",
    partition_parameter_kw={
        "url":"https://[1:2:3:4:5:6:7:8]:1234",
-        "enable_cache":"true",
-        "type":"zope",
-        "path":"/erp5",
-        "domain":"example.org",
-    "ssl_key":"-----BEGIN RSA PRIVATE KEY-----
-  XXXXXXX..........XXXXXXXXXXXXXXX
-  -----END RSA PRIVATE KEY-----",
-      "ssl_crt":'-----BEGIN CERTIFICATE-----
-  XXXXXXXXXXX.............XXXXXXXXXXXXXXXXXXX
-  -----END CERTIFICATE-----',
-      "ssl_ca_crt":'-----BEGIN CERTIFICATE-----
-  XXXXXXXXX...........XXXXXXXXXXXXXXXXX
-  -----END CERTIFICATE-----',
-      "ssl_csr":'-----BEGIN CERTIFICATE REQUEST-----
-  XXXXXXXXXXXXXXX.............XXXXXXXXXXXXXXXXXX
-  -----END CERTIFICATE REQUEST-----',
-    }
-  )
 Promises
 ========
@@ -415,8 +352,7 @@ Solution 2 (network capability)
 It is also possible to directly allow the service to listen on 80 and 443 ports using the following command::
-  setcap 'cap_net_bind_service=+ep' /opt/slapgrid/$CADDY_FRONTEND_SOFTWARE_RELEASE_MD5/go.work/bin/caddy
+  setcap 'cap_net_bind_service=+ep' /opt/slapgrid/$RAPID_CDN_SOFTWARE_RELEASE_MD5/parts/haproxy/sbin/haproxy
-  setcap 'cap_net_bind_service=+ep' /opt/slapgrid/$CADDY_FRONTEND_SOFTWARE_RELEASE_MD5/parts/6tunnel/bin/6tunnel
 Then specify in the master instance parameters:
@@ -450,7 +386,7 @@ Keep the naming in instance profiles:
 Instantiated cluster structure
 ------------------------------
-Instantiating caddy-frontend results with a cluster in various partitions:
+Instantiating Rapid.CDN results with a cluster in various partitions:
 * master (the controlling one)
 * kedifa (contains kedifa server)
@@ -458,20 +394,20 @@ Instantiating caddy-frontend results with a cluster in various partitions:
 It means sites are served in ``frontend-node-N`` partition, and this partition is structured as:
- * Caddy serving the browser [client-facing-caddy]
+ * Haproxy serving the browser [client-facing-haproxy]
 * (optional) Apache Traffic Server for caching [ats]
 * Haproxy as a way to communicate to the backend [backend-facing-haproxy]
- * some other additional tools (6tunnel, monitor, etc)
+ * some other additional tools (monitor, etc)
 In case of slaves without cache (``enable_cache = False``) the request will travel as follows::
-  client-facing-caddy --> backend-facing-haproxy --> backend
+  client-facing-haproxy --> backend-facing-haproxy --> backend
 In case of slaves using cache (``enable_cache = True``) the request will travel as follows::
-  client-facing-caddy --> ats --> backend-facing-haproxy --> backend
+  client-facing-haproxy --> ats --> backend-facing-haproxy --> backend
-Usage of Haproxy as a relay to the backend allows much better control of the backend, removes the hassle of checking the backend from Caddy and allows future developments like client SSL certificates to the backend or even health checks.
+Usage of Haproxy as a relay to the backend allows much better control of the backend, removes the hassle of checking the backend from frontend Haproxy and allows future developments like client SSL certificates to the backend or even health checks.
 Kedifa implementation
 ---------------------
@@ -487,7 +423,7 @@ If ``automatic-internal-kedifa-caucase-csr`` is enabled (by default it is) there
 Support for X-Real-Ip and X-Forwarded-For
 -----------------------------------------
-X-Forwarded-For and X-Real-Ip are transmitted to the backend, but only for IPv4 access to the frontend. In case of IPv6 access, the provided IP will be wrong, because of using 6tunnel.
+X-Forwarded-For and X-Real-Ip are transmitted to the backend.
 Automatic Internal Caucase CSR
 ------------------------------
@@ -517,3 +453,30 @@ Having in mind such structure:
 In ``caucase-instance`` CAUCASE user is created by automatically signing one user certificate, which allows to sign service certificates.
 The ``csr-instance`` creates CSR, extracts the ID of the CSR, exposes it via HTTP and ask caucase on ``caucase-instance`` to sign it. The ``caucase-instance`` checks that exposed CSR id matches the one send to caucase and by using created user to signs it.
+Content-Type header
+~~~~~~~~~~~~~~~~~~~
+The ``Content-Type`` header is not modified by the CDN at all. Previous implementation based on Caddy software tried to guess it.
+Date header
+~~~~~~~~~~~
+The ``Date`` is added only if not sent by the backend. It's done on backend-facing component and kept in caching component as is. Previous implementation was adding this header in the cache component.
+websocket
+~~~~~~~~~
+All frontends are websocket aware now, and ``type:websocket`` parameter became optional. It's required if support for ``websocket-path-list`` or ``websocket-transparent`` is required.
+Experimental QuicTLS
+~~~~~~~~~~~~~~~~~~~~
+`QuicTLS <https://github.com/quictls/openssl>`_ can be used instead of classic OpenSSL on given node by using parameter ``-frontend-i-experimental-haproxy-flavour`` and setting it to ``quic``. This allows to test out if there are any issues with QuicTLS are with normal usage.
+Experimental QUIC
+~~~~~~~~~~~~~~~~~
+QUIC with HTTP3 is available as experimental feature. It has to be enabled on each node separately by using ``-frontend-i-experimental-haproxy-quic``. Then given node will reply with proper headers on HTTPS to advertise QUIC. Please note that ``-frontend-i-experimental-haproxy-flavour`` has to be set to ``quic`` on this node too.
+Note that then all frontends will be served with QUIC advertised on such node, so it's important to run such experiments very carefully, for example on same zone/region with DNS.
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -14,7 +14,7 @@
 # not need these here).
 [template]
 filename = instance.cfg.in
-md5sum = d408adbd12d4161c22fe9c29118fd83e
+md5sum = a7cd4f5e23208bd9bf37cec03ad92fcd
 [profile-common]
 filename = instance-common.cfg.in
@@ -22,35 +22,35 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
 [profile-frontend]
 filename = instance-frontend.cfg.in
-md5sum = 7c966ea975cea4dcea09281466df8082
+md5sum = daf89318c2c155132c34b91105c68806
 [profile-master]
 filename = instance-master.cfg.in
-md5sum = cfd5212f27696311f12c92dfce32cc59
+md5sum = b026a6df40f3d1090ceaa3451a9293fe
 [profile-slave-list]
 filename = instance-slave-list.cfg.in
-md5sum = aba91817a1b58377597500f676603d23
+md5sum = ca2e775e7bd2a96e46113a628461a46f
 [profile-master-publish-slave-information]
 filename = instance-master-publish-slave-information.cfg.in
 md5sum = cba4d995962f7fbeae3f61c9372c4181
-[template-caddy-frontend-configuration]
+[template-frontend-haproxy-configuration]
-_update_hash_filename_ = templates/Caddyfile.in
+_update_hash_filename_ = templates/frontend-haproxy.cfg.in
-md5sum = 9600df12af5787227825ddffd715b9cf
+md5sum = 4af0e29ac2399aac10de116b4fa3ac25
+[template-frontend-haproxy-crt-list]
+_update_hash_filename_ = templates/frontend-haproxy-crt-list.in
+md5sum = 13c294af9950939c76021eb19305f3ab
 [template-not-found-html]
 _update_hash_filename_ = templates/notfound.html
-md5sum = 88af61e7abbf30dc99a1a2526161128d
+md5sum = d56e2cfab274cbbbe5b387f2f6e417df
-[template-default-slave-virtualhost]
-_update_hash_filename_ = templates/default-virtualhost.conf.in
-md5sum = 57c86795293b11300a036f5f8cf2c868
 [template-backend-haproxy-configuration]
 _update_hash_filename_ = templates/backend-haproxy.cfg.in
-md5sum = 81c73a4995409acb548621e5fb11d481
+md5sum = b4b55d931249f11e4e1256afeb74b503
 [template-empty]
 _update_hash_filename_ = templates/empty.in
@@ -104,6 +104,10 @@ md5sum = e82ccdb0b26552a1c88ff523d8fae24a
 filename = instance-kedifa.cfg.in
 md5sum = d790e23ebf7b07bb245322629d402551
+[template-frontend-haproxy-rsyslogd-conf]
+_update_hash_filename_ = templates/frontend-haproxy-rsyslogd.conf.in
+md5sum = 420f66264d4cd24070a5a7b325e09ccd
 [template-backend-haproxy-rsyslogd-conf]
 _update_hash_filename_ = templates/backend-haproxy-rsyslogd.conf.in
 md5sum = ba91b7778c3d730353d42d7804ef8050

--- a/software/caddy-frontend/instance-common.cfg.in
+++ b/software/caddy-frontend/instance-common.cfg.in
--- a/software/caddy-frontend/instance-frontend.cfg.in
+++ b/software/caddy-frontend/instance-frontend.cfg.in
 {% import "caucase" as caucase with context %}
 {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
+{%- if instance_parameter_dict.get('configuration.frontend-haproxy-flavour', 'basic') == 'quic' %}
+{%-   set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %}
+{%-   if instance_parameter_dict.get('configuration.frontend-haproxy-quic', 'false').lower() in TRUE_VALUES %}
+{%-     set FRONTEND_HAPROXY_QUIC = True %}
+{%-   else %}
+{%-     set FRONTEND_HAPROXY_QUIC = False %}
+{%-   endif %}
+{%- else %}
+{%-   set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_executable'] %}
+{%-   set FRONTEND_HAPROXY_QUIC = False %}
+{%- endif %}
+{%- set BACKEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_executable'] %}
 [buildout]
 extends =
  {{ software_parameter_dict['profile_common'] }}
@@ -8,21 +20,13 @@ extends =
 parts =
  directory
-  logrotate-entry-caddy
-  caddy-frontend
  software-py
  switch-frontend-softwaretype
  caucase-updater
  caucase-updater-promise
  backend-client-caucase-updater
  backend-client-caucase-updater-promise
-  frontend-caddy-graceful
  port-redirection
-  promise-frontend-caddy-configuration
-  promise-caddy-frontend-v4-https
-  promise-caddy-frontend-v4-http
-  promise-caddy-frontend-v6-https
-  promise-caddy-frontend-v6-http
  promise-logrotate-setup
  trafficserver-launcher
@@ -37,13 +41,23 @@ parts =
  trafficserver-promise-listen-port
  trafficserver-promise-cache-availability
  cron-entry-logrotate-trafficserver
-## Monitor for Caddy
+## Monitor
  monitor-base
  monitor-ats-cache-stats-wrapper
  monitor-traffic-summary-last-stats-wrapper
-  monitor-caddy-server-status-wrapper
  monitor-verify-re6st-connectivity
+  frontend-haproxy-rsyslogd-configuration
+  frontend-haproxy-rsyslogd
+  logrotate-entry-frontend-haproxy
+  frontend-haproxy
+  frontend-haproxy-graceful
+  promise-frontend-frontend-haproxy-configuration
+  promise-frontend-haproxy-v4-https
+  promise-frontend-haproxy-v4-http
+  promise-frontend-haproxy-v6-https
+  promise-frontend-haproxy-v6-http
  backend-haproxy-rsyslogd-configuration
  backend-haproxy-rsyslogd
  logrotate-entry-backend-haproxy
@@ -147,6 +161,7 @@ backup = ${:srv}/backup
 log = ${:var}/log
 run = ${:var}/run
 backend-haproxy-rsyslogd-spool = ${:run}/backend-haproxy-rsyslogd-spool
+frontend-haproxy-rsyslogd-spool = ${:run}/frontend-haproxy-rsyslogd-spool
 service = ${:etc}/service
 etc-run = ${:etc}/run
@@ -175,8 +190,6 @@ single-custom-personal = dynamic-custom-personal-profile-slave-list:output
 [frontend-configuration]
 ip-access-certificate = ${self-signed-ip-access:certificate}
-caddy-ipv6 = {{ instance_parameter_dict['ipv6-random'] }}
-caddy-https-port = ${configuration:port}
 slave-introspection-configuration = ${directory:etc}/slave-introspection-httpd-nginx.conf
 slave-introspection-https-port = ${configuration:slave-introspection-https-port}
 slave-introspection-secure_access = ${slave-introspection-frontend:connection-secure_access}
@@ -187,7 +200,7 @@ recipe = plone.recipe.command
 update-command = ${:command}
 ipv6 = ${slap-configuration:ipv6-random}
 ipv4 = {{instance_parameter_dict['ipv4-random']}}
-certificate = ${caddy-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.crt
+certificate = ${frontend-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.crt
 {#- Can be stopped on error, as does not rely on self provided service #}
 stop-on-error = True
 command =
@@ -211,7 +224,7 @@ recipe = plone.recipe.command
 update-command = ${:command}
 ipv6 = ${slap-configuration:ipv6-random}
 ipv4 = {{instance_parameter_dict['ipv4-random']}}
-certificate = ${caddy-directory:master-autocert-dir}/fallback-access.crt
+certificate = ${frontend-directory:master-autocert-dir}/fallback-access.crt
 {#- Can be stopped on error, as does not rely on self provided service #}
 stop-on-error = True
 command =
@@ -244,7 +257,9 @@ context =
 [software-release-path]
 template-empty = {{ software_parameter_dict['template_empty'] }}
-template-default-slave-virtualhost = {{ software_parameter_dict['template_default_slave_virtualhost'] }}
+template-frontend-haproxy-configuration = {{ software_parameter_dict['template_frontend_haproxy_configuration'] }}
+template-frontend-haproxy-crt-list = {{ software_parameter_dict['template_frontend_haproxy_crt_list'] }}
+template-frontend-haproxy-rsyslogd-conf = {{ software_parameter_dict['template_frontend_haproxy_rsyslogd_conf'] }}
 template-backend-haproxy-configuration = {{ software_parameter_dict['template_backend_haproxy_configuration'] }}
 template-backend-haproxy-rsyslogd-conf = {{ software_parameter_dict['template_backend_haproxy_rsyslogd_conf'] }}
 template-expose-csr-nginx-conf = {{ software_parameter_dict['template_expose_csr_nginx_conf'] }}
@@ -357,114 +372,108 @@ backend-client-caucase-url = {{ slapparameter_dict['backend-client-caucase-url']
 partition_ipv6 =  ${slap-configuration:ipv6-random}
 url-ready-file = ${directory:var}/url-ready.txt
 extra-context =
-    key caddy_configuration_directory caddy-directory:slave-configuration
    key backend_client_caucase_url :backend-client-caucase-url
    import furl_module furl
    import urllib_module urllib
    import operator_module operator
    key master_key_download_url :master_key_download_url
-    key autocert caddy-directory:autocert
-    key caddy_log_directory caddy-directory:slave-log
    key url_ready_file :url-ready-file
    key expose_csr_organization :organization
    key expose_csr_organizational_unit :organizational-unit
    key global_ipv6 slap-configuration:ipv6-random
    key empty_template software-release-path:template-empty
-    key template_default_slave_configuration software-release-path:template-default-slave-virtualhost
    key template_expose_csr_nginx_conf software-release-path:template-expose-csr-nginx-conf
    key software_type :software_type
-    key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:output
+    key frontend_lazy_graceful_reload frontend-haproxy-lazy-graceful:output
    key monitor_base_url monitor-instance-parameter:monitor-base-url
    key node_id frontend-node-id:value
    key version_hash version-hash:value
    key software_release_url version-hash:software-release-url
    key node_information frontend-node-information:value
-    key custom_ssl_directory caddy-directory:custom-ssl-directory
 # BBB: SlapOS Master non-zero knowledge BEGIN
    key apache_certificate apache-certificate:output
 # BBB: SlapOS Master non-zero knowledge END
+    key custom_ssl_directory frontend-directory:custom-ssl-directory
+## frontend haproxy
+    key template_frontend_haproxy_configuration software-release-path:template-frontend-haproxy-configuration
+    key template_frontend_haproxy_crt_list software-release-path:template-frontend-haproxy-crt-list
 ## backend haproxy
    key template_backend_haproxy_configuration software-release-path:template-backend-haproxy-configuration
 ## Configuration passed by section
+    section frontend_directory frontend-directory
    section configuration configuration
+    section frontend_haproxy_configuration frontend-haproxy-configuration
    section backend_haproxy_configuration backend-haproxy-configuration
    section instance_parameter_dict instance-parameter-section
    section frontend_configuration frontend-configuration
-    section caddy_configuration caddy-configuration
    section kedifa_configuration kedifa-configuration
    section software_parameter_dict software-parameter-section
-# Deploy Caddy Frontend with Jinja power
+# Deploy frontend with Jinja power
-[dynamic-caddy-frontend-template]
+[frontend-haproxy-rsyslogd-config]
-< = jinja2-template-base
+log-socket = ${directory:run}/fhlog.sck
-url = {{ software_parameter_dict['template_caddy_frontend_configuration'] }}
+log-file = ${directory:log}/frontend-haproxy.log
-output = ${caddy-configuration:frontend-configuration}
+pid-file = ${directory:run}/frontend-haproxy-rsyslogd.pid
-local_ipv4 =  {{ dumps(instance_parameter_dict['ipv4-random']) }}
+spool-directory = ${directory:frontend-haproxy-rsyslogd-spool}
+graceful-command = kill -HUP $(cat ${:pid-file})
+slave-log-directory = ${frontend-directory:slave-log}
+[frontend-haproxy-rsyslogd-configuration]
+<= jinja2-template-base
+url = ${software-release-path:template-frontend-haproxy-rsyslogd-conf}
+output = ${directory:etc}/frontend-haproxy-rsyslogd.conf
+local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
 extra-context =
    key instance_home buildout:directory
-    key master_certificate caddy-configuration:master-certificate
+    key master_certificate frontend-haproxy-configuration:master-certificate
-    key access_log caddy-configuration:access-log
+    key access_log frontend-haproxy-configuration:access-log
-    key slave_configuration_directory caddy-directory:slave-configuration
+    key slave_configuration_directory frontend-directory:slave-configuration
    section frontend_configuration frontend-configuration
    key http_port configuration:plain_http_port
    key https_port configuration:port
    key global_ipv6 slap-configuration:ipv6-random
    key local_ipv4 :local_ipv4
-    key error_log caddy-configuration:error-log
+    key error_log frontend-haproxy-configuration:error-log
-    key not_found_file caddy-configuration:not-found-file
    key username monitor-instance-parameter:username
    key password monitor-htpasswd:passwd
 # BBB: SlapOS Master non-zero knowledge BEGIN
    key apache_certificate apache-certificate:output
 # BBB: SlapOS Master non-zero knowledge END
+    section configuration frontend-haproxy-rsyslogd-config
-[caddy-wrapper]
+[frontend-haproxy-rsyslogd]
-recipe = slapos.recipe.template:jinja2
-inline =
-  #!/bin/sh
-  export CADDYPATH=${directory:frontend_cluster}
-  ulimit -n $(ulimit -Hn)
-  exec {{ software_parameter_dict['caddy'] }} \
-  -conf ${dynamic-caddy-frontend-template:output} \
-  -log ${caddy-configuration:error-log} \
-  -log-roll-mb 0 \
-  -http2=true \
-  -grace {{ instance_parameter_dict['configuration.mpm-graceful-shutdown-timeout'] }}s \
-  -disable-http-challenge \
-  -disable-tls-alpn-challenge \
-   "$@"
-output = ${directory:bin}/caddy-wrapper
-[caddy-frontend]
 recipe = slapos.cookbook:wrapper
-command-line = ${caddy-wrapper:output} -pidfile ${caddy-configuration:pid-file}
+command-line = {{ software_parameter_dict['rsyslogd_executable'] }} -i ${frontend-haproxy-rsyslogd-config:pid-file} -n -f ${frontend-haproxy-rsyslogd-configuration:output}
-wrapper-path = ${directory:service}/frontend_caddy
+wrapper-path = ${directory:service}/frontend-haproxy-rsyslogd
 hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
-hash-files = ${caddy-wrapper:output}
-[not-found-html]
+[logrotate-entry-frontend-haproxy]
-recipe = plone.recipe.command
+<= logrotate-entry-base
-update-command = ${:command}
+name = frontend-haproxy
-filename = notfound.html
+log = ${frontend-haproxy-rsyslogd-config:log-file}
-command = ln -sf  {{ software_parameter_dict['template_not_found_html'] }} ${caddy-directory:document-root}/${:filename}
+rotate-num = ${configuration:rotate-num}
+# Note: Slaves do not define their own reload, as this would be repeated,
-[caddy-directory]
+#       because sharedscripts work per entry, and each slave needs its own
-recipe = slapos.cookbook:mkdirectory
+#       olddir
-document-root = ${directory:srv}/htdocs
+#       Here we trust that there will be something to be rotated with error
-slave-configuration = ${directory:etc}/caddy-slave-conf.d/
+#       or access log, and that this will trigger postrotate script.
-slave-log = ${directory:log}/httpd
+post = ${frontend-haproxy-rsyslogd-lazy-graceful:output} &
-autocert = ${directory:srv}/autocert
+delaycompress =
-master-autocert-dir = ${:autocert}/master-autocert
-custom-ssl-directory = ${:slave-configuration}/ssl
-[caddy-configuration]
+[frontend-haproxy-configuration]
-frontend-configuration = ${directory:etc}/Caddyfile
+file = ${directory:etc}/frontend-haproxy.cfg
+crt-list = ${directory:etc}/frontend-haproxy-crt-list.txt
+log-socket = ${frontend-haproxy-rsyslogd-config:log-socket}
 access-log = ${directory:log}/frontend-access.log
 error-log = ${directory:log}/frontend-error.log
 pid-file = ${directory:run}/httpd.pid
-frontend-graceful-command = ${frontend-caddy-validate:output} && kill -USR1 $(cat ${:pid-file})
+frontend-graceful-command = ${frontend-haproxy-validate:output} && kill -USR2 $(cat ${:pid-file})
-not-found-file = ${caddy-directory:document-root}/${not-found-html:filename}
+not-found-file = {{ software_parameter_dict['template_not_found_html'] }}
-master-certificate = ${caddy-directory:master-autocert-dir}/master.pem
+master-certificate = ${frontend-directory:master-autocert-dir}/master.pem
+self-signed-fallback-certificate = ${self-signed-fallback-access:certificate}
+http-port = ${configuration:plain_http_port}
+https-port = ${configuration:port}
 # Communication with ATS
 cache-port = ${trafficserver-variable:input-port}
 # slave instrspection
@@ -472,6 +481,10 @@ slave-introspection-access-log = ${directory:log}/slave-introspection-access.log
 slave-introspection-error-log = ${directory:log}/slave-introspection-error.log
 slave-introspection-pid-file = ${directory:run}/slave-introspection.pid
 slave-introspection-graceful-command = ${slave-introspection-validate:output} && kill -HUP $(cat ${:slave-introspection-pid-file})
+local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
+version-hash = ${version-hash:value}
+node-id = ${frontend-node-id:value}
+quic = {{ FRONTEND_HAPROXY_QUIC }}
 # BBB: SlapOS Master non-zero knowledge BEGIN
 [get-self-signed-fallback-access]
@@ -498,18 +511,13 @@ context =
 output = ${directory:bbb-ssl-dir}/frontend.crt
 # BBB: SlapOS Master non-zero knowledge END
-[logrotate-entry-caddy]
+[frontend-directory]
-<= logrotate-entry-base
+recipe = slapos.cookbook:mkdirectory
-name = caddy
+slave-configuration = ${directory:etc}/frontend-haproxy.d/
-log = ${caddy-configuration:error-log} ${caddy-configuration:access-log}
+slave-log = ${directory:log}/httpd
-rotate-num = ${configuration:rotate-num}
+autocert = ${directory:srv}/autocert
-# Note: Slaves do not define their own reload, as this would be repeated,
+master-autocert-dir = ${:autocert}/master-autocert
-#       because sharedscripts work per entry, and each slave needs its own
+custom-ssl-directory = ${:slave-configuration}/ssl
-#       olddir
-#       Here we trust that there will be something to be rotated with error
-#       or access log, and that this will trigger postrotate script.
-post = ${frontend-caddy-lazy-graceful:output} &
-delaycompress =
 #################
 # Trafficserver
@@ -659,13 +667,13 @@ command = ${trafficserver-rotate-script:output}
 ### End of ATS sections
-### Caddy Graceful and promises
+### Frontend Graceful and promises
-[frontend-caddy-configuration-state]
+[frontend-haproxy-configuration-state]
 < = jinja2-template-base
 url = {{ software_parameter_dict['template_configuration_state_script'] }}
 output = ${directory:bin}/${:_buildout_section_name_}
-path_list = ${caddy-configuration:frontend-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:master-autocert-dir}/*.key ${caddy-directory:master-autocert-dir}/*.crt ${caddy-directory:master-autocert-dir}/*.pem ${caddy-directory:autocert}/*.pem ${caddy-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt
+path_list = ${frontend-haproxy-configuration:file} ${frontend-haproxy-configuration:crt-list} ${frontend-directory:master-autocert-dir}/*.key ${frontend-directory:master-autocert-dir}/*.crt ${frontend-directory:master-autocert-dir}/*.pem ${frontend-directory:autocert}/*.pem ${frontend-directory:custom-ssl-directory}/*.proxy_ca_crt ${directory:bbb-ssl-dir}/*.crt
 sha256sum = {{ software_parameter_dict['sha256sum'] }}
 extra-context =
@@ -675,45 +683,60 @@ extra-context =
    key sha256sum :sha256sum
    key signature_file :signature_file
-[frontend-caddy-configuration-state-graceful]
+[frontend-haproxy-configuration-state-graceful]
-< = frontend-caddy-configuration-state
+< = frontend-haproxy-configuration-state
 signature_file = ${directory:run}/graceful_configuration_state_signature
-[frontend-caddy-configuration-state-validate]
+[frontend-haproxy-configuration-state-validate]
-< = frontend-caddy-configuration-state
+< = frontend-haproxy-configuration-state
 signature_file = ${directory:run}/validate_configuration_state_signature
-[frontend-caddy-graceful]
+[frontend-haproxy-graceful]
 < = jinja2-template-base
 url = {{ software_parameter_dict['template_graceful_script'] }}
-output = ${directory:etc-run}/frontend-caddy-safe-graceful
+output = ${directory:etc-run}/frontend-haproxy-safe-graceful
+mode = 0700
 extra-context =
-    key graceful_reload_command caddy-configuration:frontend-graceful-command
+    key graceful_reload_command frontend-haproxy-configuration:frontend-graceful-command
-    key configuration_state frontend-caddy-configuration-state-graceful:output
+    key configuration_state frontend-haproxy-configuration-state-graceful:output
-[frontend-caddy-validate]
+[frontend-haproxy-validate]
 < = jinja2-template-base
 url = {{ software_parameter_dict['template_validate_script'] }}
-output = ${directory:bin}/frontend-caddy-validate
+output = ${directory:bin}/frontend-haproxy-validate
-last_state_file = ${directory:run}/caddy_configuration_last_state
+mode = 0700
-validate_command = ${caddy-wrapper:output} -validate
+last_state_file = ${directory:run}/frontend_haproxy_configuration_last_state
+validate_command = {{ FRONTEND_HAPROXY_EXECUTABLE }} -f ${frontend-haproxy-configuration:file} -c
+extra-context =
+    raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find
+    key validate_command :validate_command
+    key configuration_state_command frontend-haproxy-configuration-state-validate:output
+    key last_state_file :last_state_file
+[backend-haproxy-validate]
+<= jinja2-template-base
+url = {{ software_parameter_dict['template_validate_script'] }}
+output = ${directory:bin}/backend-haproxy-validate
+mode = 0700
+last_state_file = ${directory:run}/backend_haproxy_configuration_last_state
+validate_command = {{ BACKEND_HAPROXY_EXECUTABLE }} -f ${backend-haproxy-configuration:file} -c
 extra-context =
    raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find
    key validate_command :validate_command
-    key configuration_state_command frontend-caddy-configuration-state-validate:output
+    key configuration_state_command backend-haproxy-configuration-state-validate:output
    key last_state_file :last_state_file
-[frontend-caddy-lazy-graceful]
+[frontend-haproxy-lazy-graceful]
 < = jinja2-template-base
 url = {{ software_parameter_dict['template_lazy_script_call'] }}
-output = ${directory:bin}/frontend-caddy-lazy-graceful
+output = ${directory:bin}/frontend-haproxy-lazy-graceful
+mode = 0700
 pid-file = ${directory:run}/lazy-graceful.pid
 wait_time = 60
 extra-context =
    key pid_file :pid-file
    key wait_time :wait_time
-    key lazy_command caddy-configuration:frontend-graceful-command
+    key lazy_command frontend-haproxy-configuration:frontend-graceful-command
 # Promises checking configuration:
 [promise-helper-last-configuration-state]
@@ -722,41 +745,41 @@ url = {{ software_parameter_dict['template_empty'] }}
 output = ${directory:bin}/frontend-read-last-configuration-state
 content =
  #!/bin/sh
-  exit `cat ${frontend-caddy-validate:last_state_file}`
+  exit `cat ${frontend-haproxy-validate:last_state_file}`
 context =
    key content :content
-[promise-frontend-caddy-configuration]
+[promise-frontend-frontend-haproxy-configuration]
 <= monitor-promise-base
 promise = validate_frontend_configuration
-name = frontend-caddy-configuration-promise.py
+name = frontend-frontend-haproxy-configuration-promise.py
 config-verification-script = ${promise-helper-last-configuration-state:output}
-[promise-caddy-frontend-v4-https]
+[promise-frontend-haproxy-v4-https]
 <= monitor-promise-base
 promise = check_socket_listening
-name = caddy_frontend_ipv4_https.py
+name = frontend_haproxy_ipv4_https.py
 config-host = {{ instance_parameter_dict['ipv4-random'] }}
 config-port = ${configuration:port}
-[promise-caddy-frontend-v4-http]
+[promise-frontend-haproxy-v4-http]
 <= monitor-promise-base
 promise = check_socket_listening
-name = caddy_frontend_ipv4_http.py
+name = frontend_haproxy_ipv4_http.py
 config-host = {{ instance_parameter_dict['ipv4-random'] }}
 config-port = ${configuration:plain_http_port}
-[promise-caddy-frontend-v6-https]
+[promise-frontend-haproxy-v6-https]
 <= monitor-promise-base
 promise = check_socket_listening
-name = caddy_frontend_ipv6_https.py
+name = frontend_haproxy_ipv6_https.py
 config-host = {{ instance_parameter_dict['ipv6-random'] }}
 config-port = ${configuration:port}
-[promise-caddy-frontend-v6-http]
+[promise-frontend-haproxy-v6-http]
 <= monitor-promise-base
 promise = check_socket_listening
-name = caddy_frontend_ipv6_http.py
+name = frontend_haproxy_ipv6_http.py
 config-host = {{ instance_parameter_dict['ipv6-random'] }}
 config-port = ${configuration:plain_http_port}
@@ -795,10 +818,30 @@ statistic-username = ${monitor-instance-parameter:username}
 statistic-password = ${monitor-htpasswd:passwd}
 statistic-identification = {{ instance_parameter_dict['configuration.frontend-name'] + ' @ ' + slapparameter_dict['cluster-identification'] }}
 statistic-frontend-secure_access = ${backend-haproxy-statistic-frontend:connection-secure_access}
+version-hash = ${version-hash:value}
+node-id = ${frontend-node-id:value}
+[frontend-haproxy]
+recipe = slapos.cookbook:wrapper
+command-line = {{ FRONTEND_HAPROXY_EXECUTABLE }} -f ${frontend-haproxy-configuration:file}
+wrapper-path = ${directory:service}/frontend-haproxy
+hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
+[frontend-haproxy-rsyslogd-lazy-graceful]
+< = jinja2-template-base
+url = {{ software_parameter_dict['template_lazy_script_call'] }}
+output = ${directory:bin}/frontend-haproxy-rsyslogd-lazy-graceful
+mode = 0700
+pid-file = ${directory:run}/frontend-haproxy-rsyslogd-lazy-graceful.pid
+wait_time = 60
+extra-context =
+    key pid_file :pid-file
+    key wait_time :wait_time
+    key lazy_command frontend-haproxy-rsyslogd-config:graceful-command
 [backend-haproxy]
 recipe = slapos.cookbook:wrapper
-command-line = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file}
+command-line = {{ BACKEND_HAPROXY_EXECUTABLE }} -f ${backend-haproxy-configuration:file}
 wrapper-path = ${directory:service}/backend-haproxy
 hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
@@ -863,7 +906,7 @@ extra-context =
 url = {{ software_parameter_dict['template_validate_script'] }}
 output = ${directory:bin}/backend-haproxy-validate
 last_state_file = ${directory:run}/backend_haproxy_configuration_last_state
-validate_command = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} -c
+validate_command = {{ BACKEND_HAPROXY_EXECUTABLE }} -f ${backend-haproxy-configuration:file} -c
 extra-context =
    raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find
    key validate_command :validate_command
@@ -892,7 +935,7 @@ log-file = ${directory:log}/backend-haproxy.log
 pid-file = ${directory:run}/backend-haproxy-rsyslogd.pid
 spool-directory = ${directory:backend-haproxy-rsyslogd-spool}
 graceful-command = kill -HUP $(cat ${:pid-file})
-log-directory = ${caddy-directory:slave-log}
+log-directory = ${frontend-directory:slave-log}
 [backend-haproxy-rsyslogd-configuration]
 <= jinja2-template-base
@@ -940,14 +983,6 @@ command = export TS_ROOT=${buildout:directory} && echo "<pre>$({{ software_param
 extra-context =
  key content monitor-ats-cache-stats-wrapper:command
-[monitor-caddy-server-status-wrapper]
-< = jinja2-template-base
-url = {{ software_parameter_dict['template_wrapper'] }}
-output = ${directory:bin}/monitor-caddy-server-status-wrapper
-command = {{ software_parameter_dict['curl'] }}/bin/curl -s http://{{ instance_parameter_dict['ipv4-random'] }}:${configuration:plain_http_port}/server-status -u ${monitor-instance-parameter:username}:${monitor-htpasswd:passwd} 2>&1
-extra-context =
-  key content monitor-caddy-server-status-wrapper:command
 [monitor-ats-cache-stats-config]
 < = jinja2-template-base
 url = {{ software_parameter_dict['template_empty'] }}
@@ -1027,7 +1062,7 @@ url = {{ software_parameter_dict['template_graceful_script'] }}
 output = ${directory:etc-run}/slave-introspection-safe-graceful
 extra-context =
-    key graceful_reload_command caddy-configuration:slave-introspection-graceful-command
+    key graceful_reload_command frontend-haproxy-configuration:slave-introspection-graceful-command
    key configuration_state slave-introspection-configuration-state-graceful:output
 [slave-introspection-validate]
@@ -1068,9 +1103,9 @@ config-port = ${frontend-configuration:slave-introspection-https-port}
 [logrotate-entry-slave-introspection]
 <= logrotate-entry-base
 name = slave-introspection
-log = ${caddy-configuration:slave-introspection-access-log} ${caddy-configuration:slave-introspection-error-log}
+log = ${frontend-haproxy-configuration:slave-introspection-access-log} ${frontend-haproxy-configuration:slave-introspection-error-log}
 rotate-num = ${configuration:rotate-num}
-post = kill -USR1 $(cat ${caddy-configuration:slave-introspection-pid-file})
+post = kill -USR2 $(cat ${frontend-haproxy-configuration:slave-introspection-pid-file})
 delaycompress =
 [promise-logrotate-setup]

--- a/software/caddy-frontend/instance-input-schema.json
+++ b/software/caddy-frontend/instance-input-schema.json
@@ -34,12 +34,6 @@
      "title": "Enable HTTP2 by Default",
      "type": "string"
    },
-    "mpm-graceful-shutdown-timeout": {
-      "default": 5,
-      "description": "Value passed to -grace parameter of Caddy, see https://caddyserver.com/docs/cli .",
-      "title": "Duration of the graceful shutdown period. Warning: Changing the parameter will result in restarting Caddy process.",
-      "type": "integer"
-    },
    "re6st-verification-url": {
      "description": "Url to verify if the internet and/or re6stnet is working.",
      "title": "Test Verification URL",
@@ -78,9 +72,9 @@
      "type": "string"
    },
    "ciphers": {
-      "description": "List of ciphers. Empty defaults to Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.",
      "title": "Ordered space separated list of ciphers",
-      "type": "string"
+      "type": "string",
+      "default": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA"
    },
    "request-timeout": {
      "default": 600,

--- a/software/caddy-frontend/instance-kedifa.cfg.in
+++ b/software/caddy-frontend/instance-kedifa.cfg.in
--- a/software/caddy-frontend/instance-master-publish-slave-information.cfg.in
+++ b/software/caddy-frontend/instance-master-publish-slave-information.cfg.in
--- a/software/caddy-frontend/instance-master.cfg.in
+++ b/software/caddy-frontend/instance-master.cfg.in
@@ -5,7 +5,27 @@
 {%- set NAME_BASE = 'caddy-frontend' %}
 {#- DANGER! DANGER! #}
 {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
-{%- set GOOD_CIPHER_LIST = ['ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-WITH-CHACHA20-POLY1305', 'ECDHE-RSA-AES256-CBC-SHA', 'ECDHE-RSA-AES128-CBC-SHA', 'ECDHE-ECDSA-AES256-CBC-SHA', 'ECDHE-ECDSA-AES128-CBC-SHA', 'RSA-AES256-CBC-SHA', 'RSA-AES128-CBC-SHA', 'ECDHE-RSA-3DES-EDE-CBC-SHA', 'RSA-3DES-EDE-CBC-SHA'] %}
+{%- set GOOD_CIPHER_LIST = [
+  'ECDHE-ECDSA-AES256-GCM-SHA384',
+  'ECDHE-RSA-AES256-GCM-SHA384',
+  'ECDHE-ECDSA-AES128-GCM-SHA256',
+  'ECDHE-RSA-AES128-GCM-SHA256',
+] %}
+{%- set CIPHER_TRANSLATION_DICT = {
+  'ECDHE-ECDSA-WITH-CHACHA20-POLY1305': 'ECDHE-ECDSA-CHACHA20-POLY1305',
+  'ECDHE-RSA-WITH-CHACHA20-POLY1305': 'ECDHE-RSA-CHACHA20-POLY1305',
+  'ECDHE-RSA-AES256-CBC-SHA': 'ECDHE-RSA-AES256-SHA',
+  'ECDHE-RSA-AES128-CBC-SHA': 'ECDHE-RSA-AES128-SHA',
+  'ECDHE-ECDSA-AES256-CBC-SHA': 'ECDHE-ECDSA-AES256-SHA',
+  'ECDHE-ECDSA-AES128-CBC-SHA': 'ECDHE-ECDSA-AES128-SHA',
+  'RSA-AES256-CBC-SHA': 'AES256-SHA',
+  'RSA-AES128-CBC-SHA': 'AES128-SHA',
+  'ECDHE-RSA-3DES-EDE-CBC-SHA': 'ECDHE-RSA-DES-CBC3-SHA',
+  'RSA-3DES-EDE-CBC-SHA': 'DES-CBC3-SHA'
+} %}
+{%- for key, value in CIPHER_TRANSLATION_DICT.items() %}
+{%-   do GOOD_CIPHER_LIST.append(value) %}
+{%- endfor %}
 {#- Allow to pass only some parameters to frontend nodes #}
 {%- set FRONTEND_NODE_PASSED_KEY_LIST = [
        'plain_http_port',
@@ -14,7 +34,6 @@
        'apache-key',
        'domain',
        'enable-http2-by-default',
-        'mpm-graceful-shutdown-timeout',
        're6st-verification-url',
        'backend-connect-timeout',
        'backend-connect-retries',
@@ -148,6 +167,10 @@ context =
 {%     do frontend_section_list.append(request_section_title) %}
 {%   endif %}
 {%   do part_list.append(request_section_title) %}
+{%   set frontend_haproxy_flavour_key = "-frontend-%s-experimental-haproxy-flavour" % i %}
+{%   do config_dict.__setitem__('frontend-haproxy-flavour', slapparameter_dict.get(frontend_haproxy_flavour_key) or 'basic') %}
+{%   set frontend_haproxy_quic_key = "-frontend-%s-experimental-haproxy-quic" % i %}
+{%   do config_dict.__setitem__('frontend-haproxy-quic', slapparameter_dict.get(frontend_haproxy_quic_key) or 'False') %}
 # Filling request dict for slave
 {%   set request_content_dict = {
                                  'config': config_dict,
@@ -215,8 +238,13 @@ context =
 {%   set slave_cipher_list = slave.get('ciphers', '').strip().split() %}
 {%   if slave_cipher_list %}
 {%     for cipher in slave_cipher_list %}
-{%       if cipher not in GOOD_CIPHER_LIST  %}
+{%       if cipher not in GOOD_CIPHER_LIST %}
-{%         do slave_error_list.append('Cipher %r is not supported.' % (cipher,)) %}
+{%         if cipher in CIPHER_TRANSLATION_DICT %}
+{#           Real translation happens in instance-slave-list.cfg.in #}
+{%           do slave_warning_list.append('Cipher %r translated to %r' % (cipher, CIPHER_TRANSLATION_DICT[cipher])) %}
+{%         else %}
+{%           do slave_error_list.append('Cipher %r is not supported.' % (cipher,)) %}
+{%         endif %}
 {%       endif %}
 {%     endfor %}
 {%   endif %}

--- a/software/caddy-frontend/instance-output-schema.json
+++ b/software/caddy-frontend/instance-output-schema.json
 {
  "$schema": "http://json-schema.org/draft-04/schema#",
-  "description": "Values returned by Caddy Frontend instanciation",
+  "description": "Values returned by Rapid.CDN instanciation",
  "properties": {
    "accepted-slave-amount": {
      "description": "Amount of Slaves allocated to the Instance which are deployed",

--- a/software/caddy-frontend/instance-slave-input-schema.json
+++ b/software/caddy-frontend/instance-slave-input-schema.json
@@ -15,7 +15,7 @@
    },
    "type": {
      "default": "",
-      "description": "Type of slave. If redirect, the slave will redirect to the given URL. If zope, the rewrite rules will be compatible with Virtual Host Monster.",
+      "description": "Type of slave. If redirect, the slave will redirect to the given URL. If zope, the rewrite rules will be compatible with Virtual Host Monster. All frontends support websocket by default and under the hood, but switch to type:websocket allow to configure websocket-path-list and websocket-transparent options.",
      "enum": [
        "",
        "zope",
@@ -34,7 +34,7 @@
    },
    "enable_cache": {
      "default": "false",
-      "description": "If set to true, http caching server (Apache Traffic Server) will be used between frontend Caddy and backend",
+      "description": "If set to true, http caching server (Apache Traffic Server) will be used between frontend and backend",
      "enum": [
        "false",
        "true"
@@ -120,7 +120,7 @@
    },
    "websocket-transparent": {
      "default": "true",
-      "description": "If set to false, websocket slave will be without Caddy's transparent proxy mode. Depending on the application the setting shall be false or true. Defaults to true for transparent proxying.",
+      "description": "If set to false, websocket slave will be without passing X-Real-Ip, X-Forwarded-Proto and X-Forwarded-Port. Depending on the application the setting shall be false or true. Defaults to true for transparent proxying.",
      "enum": [
        "false",
        "true"
@@ -210,9 +210,9 @@
      "type": "integer"
    },
    "ciphers": {
-      "description": "List of ciphers. Empty defaults to cluster list of ciphers, which by default are Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.",
      "title": "Ordered space separated list of ciphers",
-      "type": "string"
+      "type": "string",
+      "default": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA"
    },
    "authenticate-to-backend": {
      "description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",

--- a/software/caddy-frontend/instance-slave-list.cfg.in
+++ b/software/caddy-frontend/instance-slave-list.cfg.in
@@ -3,7 +3,7 @@
 {%- set backend_slave_list = [] %}
 {%- set frontend_slave_list = [] %}
 {%- set part_list = [] %}
-{%- set cache_port = caddy_configuration.get('cache-port') %}
+{%- set cache_port = frontend_haproxy_configuration.get('cache-port') %}
 {%- set cache_access = "http://%s:%s/HTTP" % (instance_parameter_dict['ipv4-random'], cache_port) %}
 {%- set ssl_cache_access = "http://%s:%s/HTTPS" % (instance_parameter_dict['ipv4-random'], cache_port) %}
 {%- set backend_haproxy_http_url = 'http://%s:%s' % (instance_parameter_dict['ipv4-random'], backend_haproxy_configuration['http-port']) %}
@@ -17,9 +17,9 @@
 {%-   do slave_instance_list.extend(json_module.loads(configuration['extra_slave_instance_list'])) %}
 {%- endif %}
 {%- if master_key_download_url %}
-{%-   do kedifa_updater_mapping.append((master_key_download_url, caddy_configuration['master-certificate'], apache_certificate)) %}
+{%-   do kedifa_updater_mapping.append((master_key_download_url, frontend_haproxy_configuration['master-certificate'], apache_certificate)) %}
 {%- else %}
-{%-   do kedifa_updater_mapping.append(('notreadyyet', caddy_configuration['master-certificate'], apache_certificate)) %}
+{%-   do kedifa_updater_mapping.append(('notreadyyet', frontend_haproxy_configuration['master-certificate'], apache_certificate)) %}
 {%- endif %}
 {%- if kedifa_configuration['slave_kedifa_information'] %}
 {%-   set slave_kedifa_information = json_module.loads(kedifa_configuration['slave_kedifa_information']) %}
@@ -40,6 +40,18 @@ context =
 [slave-htpasswd]
 {#- Prepare configuration parameters #}
+{%- set CIPHER_TRANSLATION_DICT = {
+  'ECDHE-ECDSA-WITH-CHACHA20-POLY1305': 'ECDHE-ECDSA-CHACHA20-POLY1305',   
+  'ECDHE-RSA-WITH-CHACHA20-POLY1305': 'ECDHE-RSA-CHACHA20-POLY1305',
+  'ECDHE-RSA-AES256-CBC-SHA': 'ECDHE-RSA-AES256-SHA',
+  'ECDHE-RSA-AES128-CBC-SHA': 'ECDHE-RSA-AES128-SHA',
+  'ECDHE-ECDSA-AES256-CBC-SHA': 'ECDHE-ECDSA-AES256-SHA',
+  'ECDHE-ECDSA-AES128-CBC-SHA': 'ECDHE-ECDSA-AES128-SHA',
+  'RSA-AES256-CBC-SHA': 'AES256-SHA',
+  'RSA-AES128-CBC-SHA': 'AES128-SHA',
+  'ECDHE-RSA-3DES-EDE-CBC-SHA': 'ECDHE-RSA-DES-CBC3-SHA',
+  'RSA-3DES-EDE-CBC-SHA': 'DES-CBC3-SHA'
+} %}
 {%- set DEFAULT_PORT = {'http': 80, 'https': 443, '': None} %}
 {%- for key in ['enable-http2-by-default'] %}
 {%-   do configuration.__setitem__(key, ('' ~ configuration[key]).lower() in TRUE_VALUES) %}
@@ -53,7 +65,7 @@ context =
 {#-     * stabilise values for backend #}
 {%-   for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
 {%-     set parsed = urllib_module.parse.urlparse(slave_instance.get(key, '').strip()) %}
-{%-     set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment, 'query': parsed.query, 'netloc-list': slave_instance.get(key + '-netloc-list', '').split() } %}
+{%-     set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment, 'query': parsed.query, 'netloc-list': slave_instance.get(key + '-netloc-list', '').split()} %}
 {%-     do slave_instance.__setitem__(prefix, info_dict) %}
 {%-   endfor %}
 {%-   do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
@@ -86,11 +98,14 @@ context =
 {%-   do slave_instance.__setitem__('default-path', slave_instance.get('default-path', '').strip('/') | urlencode) %}
 {%-   do slave_instance.__setitem__('path', slave_instance.get('path', '').strip('/')) %}
 {#-   Manage ciphers #}
-{%-   set slave_ciphers = slave_instance.get('ciphers', '').strip().split() %}
+{%-   set slave_ciphers = [] %}
+{%-   for cipher in slave_instance.get('ciphers', '').strip().split() %}
+{%-     do slave_ciphers.append(CIPHER_TRANSLATION_DICT.get(cipher, cipher)) %}
+{%-   endfor %}
 {%-   if slave_ciphers %}
-{%-     set slave_cipher_list = ' '.join(slave_ciphers) %}
+{%-     set slave_cipher_list = ':'.join(slave_ciphers) %}
 {%-   else %}
-{%-     set slave_cipher_list = configuration['ciphers'].strip() %}
+{%-     set slave_cipher_list = ':'.join(configuration['ciphers'].strip().split()) %}
 {%-   endif %}
 {%-   do slave_instance.__setitem__('ciphers', slave_cipher_list) %}
 {#-   Manage common instance parameters #}
@@ -98,7 +113,8 @@ context =
 {%-   set enable_cache = (slave_instance['enable_cache'] and slave_type != 'redirect') %}
 {%-   set slave_reference = slave_instance.get('slave_reference') %}
 {%-   set slave_kedifa = slave_kedifa_information.get(slave_reference) %}
-{#-   Setup backend URLs for front facing Caddy #}
+{#-   Setup backend URLs for frontend-haproxy #}
 {%-   if slave_type == 'redirect' %}
 {%-     do slave_instance.__setitem__('backend-http-url', slave_instance.get('url', '').rstrip('/')) %}
 {%-     if slave_instance.get('https-url') %}
@@ -121,12 +137,24 @@ context =
 {%-       do slave_instance.__setitem__('backend-https-url', backend_haproxy_https_url) %}
 {%-     endif %}
 {%-   endif %}
+{%-   for frontend_key, key in [('backend-http-info', 'backend-http-url'), ('backend-https-info', 'backend-https-url')] %}
+{%-     if key in slave_instance %}
+{%-       set parsed = urllib_module.parse.urlparse(slave_instance[key]) %}
+{%-       do slave_instance.__setitem__(frontend_key, {
+            'scheme': parsed.scheme,
+            'hostname': parsed.hostname,
+            'port': parsed.port or DEFAULT_PORT[parsed.scheme],
+            'path': parsed.path,
+            'fragment': parsed.fragment,
+            'query': parsed.query }) %}
+            {%-     endif %}
+{%-   endfor %}
 {%-   if slave_kedifa %}
 {%-     set key_download_url = slave_kedifa.get('key-download-url') %}
 {%-   else %}
 {%-     set key_download_url = 'notreadyyet' %}
 {%-   endif %}
-{%-   set slave_section_title = 'dynamic-template-slave-instance-%s' % slave_reference %}
 {%-   set slave_parameter_dict = generic_instance_parameter_dict.copy() %}
 {%-   set slave_publish_dict = {} %}
 {%-   set slave_configuration_section_name = 'slave-instance-%s-configuration' % slave_reference %}
@@ -137,7 +165,6 @@ context =
 {%-   set slave_ln_section = slave_reference + "-ln" %}
 {#-   extend parts #}
 {%-   do part_list.extend([slave_ln_section]) %}
-{%-   do part_list.extend([slave_section_title]) %}
 {%-   set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %}
 {#-   Pass backend timeout values #}
 {%-   for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend'] %}
@@ -176,11 +203,9 @@ context =
 {%-     do slave_instance.__setitem__('health-check-http-path', '') %}
 {%-   endif %} {# if slave_instance['health-check'] #}
 {#-   Set Up log files #}
-{%-   do slave_parameter_dict.__setitem__('access_log', '/'.join([caddy_log_directory, '%s_access_log' % slave_reference])) %}
+{%-   do slave_parameter_dict.__setitem__('access_log', '/'.join([frontend_directory['slave-log'], '%s_access_log' % slave_reference])) %}
-{%-   do slave_parameter_dict.__setitem__('error_log', '/'.join([caddy_log_directory, '%s_error_log' % slave_reference])) %}
+{%-   do slave_parameter_dict.__setitem__('backend_log', '/'.join([frontend_directory['slave-log'], '%s_backend_log' % slave_reference])) %}
-{%-   do slave_parameter_dict.__setitem__('backend_log', '/'.join([caddy_log_directory, '%s_backend_log' % slave_reference])) %}
 {%-   do slave_instance.__setitem__('access_log', slave_parameter_dict.get('access_log')) %}
-{%-   do slave_instance.__setitem__('error_log', slave_parameter_dict.get('error_log')) %}
 {%-   do slave_instance.__setitem__('backend_log', slave_parameter_dict.get('backend_log')) %}
 {#-   Add slave log directory to the slave log access dict #}
 {%-   do slave_log_dict.__setitem__(slave_reference, slave_log_folder) %}
@@ -241,7 +266,7 @@ log-directory = {{ '${slave-log-directory-dict:' + slave_reference + '}' }}
 [{{slave_logrotate_section}}]
 <= logrotate-entry-base
 name = ${:_buildout_section_name_}
-log = {{slave_parameter_dict.get('access_log')}} {{slave_parameter_dict.get('error_log')}} {{slave_parameter_dict.get('backend_log')}}
+log = {{slave_parameter_dict.get('access_log')}} {{slave_parameter_dict.get('backend_log')}}
 backup = {{ '${' + slave_log_directory_section + ':log-directory}' }}
 rotate-num = {{ dumps('' ~ configuration['rotate-num']) }}
 # disable delayed compression, as log filenames shall be stable
@@ -253,20 +278,22 @@ delaycompress =
 recipe = plone.recipe.command
 stop-on-error = false
 log-directory = {{ '${' + slave_logrotate_section + ':backup}' }}
-command = ln -sf {{slave_parameter_dict.get('error_log')}} ${:log-directory}/error.log && ln -sf {{slave_parameter_dict.get('access_log')}} ${:log-directory}/access.log && ln -sf {{slave_parameter_dict.get('backend_log')}} ${:log-directory}/backend.log
+command =
+  ln -sf {{slave_parameter_dict.get('access_log')}} ${:log-directory}/access.log
+  ln -sf {{slave_parameter_dict.get('backend_log')}} ${:log-directory}/backend.log
 {#-   Set password for slave #}
 [{{slave_password_section}}]
 recipe = slapos.cookbook:generate.password
-storage-path = {{caddy_configuration_directory}}/.{{slave_reference}}.passwd
+storage-path = {{ frontend_directory['slave-configuration'] }}/.{{slave_reference}}.passwd
 bytes = 8
 [{{ slave_htpasswd_section }}]
 recipe = plone.recipe.command
 {#- Can be stopped on error, as does not rely on self provided service #}
 stop-on-error = True
-file = {{ caddy_configuration_directory }}/.{{ slave_reference }}.htpasswd
+file = {{ frontend_directory['slave-configuration'] }}/.{{ slave_reference }}.htpasswd
 {#- update-command is not needed, as if the ${:password} would change, the whole part will be recalculated #}
 password = {{ '${' + slave_password_section + ':passwd}' }}
 command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} {{ slave_reference.lower() }} ${:password}
@@ -275,14 +302,15 @@ command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} {{ slave_refere
 {#-   Set Slave Certificates if needed                   #}
 {#-   Set certificate key for custom configuration       #}
 {%-   set cert_name = slave_reference.replace('-','.') + '.pem' %}
-{%-   set certificate = '%s/%s' % (autocert, cert_name) %}
+{%-   set certificate = '%s/%s' % (frontend_directory['autocert'], cert_name) %}
 {%-   do slave_parameter_dict.__setitem__('certificate', certificate )%}
+{%-   do slave_instance.__setitem__('certificate', certificate )%}
 {#-   Set ssl certificates for each slave #}
 {%-     for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt', 'health-check-failover-ssl-proxy-ca-crt')%}
 {%-       set cert_file_key = 'path_to_' + cert_name %}
 {%-       if cert_name in slave_instance %}
 {%-         set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %}
-{%-         set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
+{%-         set cert_file = '/'.join([frontend_directory['custom-ssl-directory'], cert_title.replace('-','.')]) %}
 {%-         do part_list.append(cert_title) %}
 {%-         do slave_parameter_dict.__setitem__(cert_name, cert_file) %}
 {%-         do slave_instance.__setitem__(cert_file_key, cert_file) %}
@@ -317,7 +345,7 @@ cert-content = {{ dumps(slave_instance.get('ssl_crt') + '\n' + slave_instance.ge
 extra-context =
    key content :cert-content
 {%-   else %}
-{%-     do kedifa_updater_mapping.append((key_download_url, certificate, caddy_configuration['master-certificate'])) %}
+{%-     do kedifa_updater_mapping.append((key_download_url, certificate, frontend_haproxy_configuration['master-certificate'])) %}
 {%-   endif %}
 {#-   BBB: SlapOS Master non-zero knowledge END #}
@@ -329,26 +357,12 @@ certificate = {{ certificate }}
 https_port = {{ dumps('' ~ configuration['port']) }}
 http_port = {{ dumps('' ~ configuration['plain_http_port']) }}
 local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
-version-hash = {{ version_hash }}
-node-id = {{ node_id }}
 {%-   for key, value in slave_instance.items() %}
 {%-     if value is not none %}
 {{ key }} = {{ dumps(value) }}
 {%-     endif %}
 {%-   endfor %}
-[{{ slave_section_title }}]
-< = jinja2-template-base
-output = {{ caddy_configuration_directory }}/${:filename}
-url = {{ template_default_slave_configuration }}
-extra-context =
-    section slave_parameter {{ slave_configuration_section_name }}
-filename = {{ '%s.conf' % slave_reference }}
-{{ '\n' }}
 {%-   set monitor_ipv6_test = slave_instance.get('monitor-ipv6-test', '') %}
 {%-   if monitor_ipv6_test %}
 {%-     set monitor_ipv6_section_title = 'check-%s-ipv6-packet-list-test' % slave_instance.get('slave_reference') %}
@@ -387,35 +401,16 @@ config-frequency = 720
 {%- do part_list.append('slave-introspection') %}
 {#- ############################################## #}
 {#- ## Prepare virtualhost for slaves using cache  #}
-{#- Define IPv6 to IPV4 tunneling #}
-[tunnel-6to4-base]
-recipe = slapos.cookbook:wrapper
-ipv4 = ${slap-configuration:ipv4-random}
-ipv6 = ${slap-configuration:ipv6-random}
-wrapper-path = {{ directory['service'] }}/6tunnel-${:ipv6-port}
-command-line = {{ software_parameter_dict['sixtunnel'] }}/bin/6tunnel -6 -4 -d -l ${:ipv6} ${:ipv6-port} ${:ipv4} ${:ipv4-port}
-hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
-[tunnel-6to4-base-http_port]
-<= tunnel-6to4-base
-ipv4-port = {{ configuration['plain_http_port'] }}
-ipv6-port = {{ configuration['plain_http_port'] }}
-[tunnel-6to4-base-https_port]
-<= tunnel-6to4-base
-ipv4-port = {{ configuration['port'] }}
-ipv6-port = {{ configuration['port'] }}
 [slave-introspection-parameters]
 local-ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
 global-ipv6 = {{ dumps(global_ipv6) }}
 https-port = {{ frontend_configuration['slave-introspection-https-port'] }}
 ip-access-certificate = {{ frontend_configuration.get('ip-access-certificate') }}
 nginx-mime = {{ software_parameter_dict['nginx_mime'] }}
-access-log = {{ dumps(caddy_configuration['slave-introspection-access-log']) }}
+access-log = {{ dumps(frontend_haproxy_configuration['slave-introspection-access-log']) }}
-error-log = {{ dumps(caddy_configuration['slave-introspection-error-log']) }}
+error-log = {{ dumps(frontend_haproxy_configuration['slave-introspection-error-log']) }}
 var = {{ directory['slave-introspection-var'] }}
-pid = {{ caddy_configuration['slave-introspection-pid-file'] }}
+pid = {{ frontend_haproxy_configuration['slave-introspection-pid-file'] }}
 [slave-introspection-config]
 <= jinja2-template-base
@@ -437,7 +432,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 {#- Publish information for the instance #}
-[publish-caddy-information]
+[publish]
 recipe = slapos.cookbook:publish.serialised
 {%- if configuration['extra_slave_instance_list'] %}
 {#-   sort_keys are important in order to avoid shuffling parameters on each run #}
@@ -462,8 +457,8 @@ recipe = slapos.cookbook:wrapper
 command-line = {{ software_parameter_dict['kedifa-updater'] }}
  --server-ca-certificate {{ kedifa_configuration['ca-certificate'] }}
  --identity {{ kedifa_configuration['certificate'] }}
-  --master-certificate {{ caddy_configuration['master-certificate'] }}
+  --master-certificate {{ frontend_haproxy_configuration['master-certificate'] }}
-  --on-update "{{ caddy_configuration['frontend-graceful-command'] }}"
+  --on-update "{{ frontend_haproxy_configuration['frontend-graceful-command'] }}"
  ${kedifa-updater-mapping:file}
  {{ kedifa_configuration['kedifa-updater-state-file'] }}
@@ -474,7 +469,7 @@ hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
 recipe = plone.recipe.command
 {#- Can be stopped on error, as does not rely on self provided service but on service which comes from another partition #}
 stop-on-error = True
-command = {{ software_parameter_dict['kedifa-updater'] }} --prepare-only ${kedifa-updater-mapping:file} --on-update "{{ caddy_configuration['frontend-graceful-command'] }}"
+command = {{ software_parameter_dict['kedifa-updater'] }} --prepare-only ${kedifa-updater-mapping:file} --on-update "{{ frontend_haproxy_configuration['frontend-graceful-command'] }}"
 update-command = ${:command}
 [kedifa-updater-mapping]
@@ -487,6 +482,38 @@ inline =
 output = ${:file}
+##<Frontend haproxy>
+[frontend-haproxy-slave-list]
+list = {{ dumps(sorted(frontend_slave_list, key=operator_module.itemgetter('slave_reference'))) }}
+[frontend-haproxy-crt-list]
+<= jinja2-template-base
+template = {{ template_frontend_haproxy_crt_list }}
+rendered = ${frontend-haproxy-config:crt-list}
+extra-context =
+  key frontend_slave_list frontend-haproxy-slave-list:list
+  section configuration frontend-haproxy-config
+[frontend-haproxy-configuration]
+< = jinja2-template-base
+template = {{ template_frontend_haproxy_configuration }}
+rendered = ${frontend-haproxy-config:file}
+extra-context =
+  key frontend_slave_list frontend-haproxy-slave-list:list
+  key crt_list frontend-haproxy-crt-list:rendered
+  section configuration frontend-haproxy-config
+[frontend-haproxy-config]
+{%- for key, value in frontend_haproxy_configuration.items() %}
+{{ key }} = {{ value }}
+{%- endfor %}
+local-ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
+global-ipv6 = ${slap-configuration:ipv6-random}
+request-timeout = {{ dumps('' ~ configuration['request-timeout']) }}
+autocert-directory = {{ frontend_directory['autocert'] }}
+##</Frontend haproxy>
 ##<Backend haproxy>
 [backend-haproxy-configuration]
 < = jinja2-template-base
@@ -506,8 +533,6 @@ global-ipv6 = ${slap-configuration:ipv6-random}
 request-timeout = {{ dumps('' ~ configuration['request-timeout']) }}
 backend-connect-timeout = {{ dumps('' ~ configuration['backend-connect-timeout']) }}
 backend-connect-retries =  {{ dumps('' ~ configuration['backend-connect-retries']) }}
-version-hash = {{ version_hash }}
-node-id = {{ node_id }}
 [template-expose-csr-link-csr]
 recipe = plone.recipe.command
@@ -527,7 +552,7 @@ csr = {{ backend_haproxy_configuration['csr'] }}
 filename = kedifa-csr.pem
 csr = {{ kedifa_configuration['csr'] }}
-##<Backend haproxy>
+##</Backend haproxy>
 [buildout]
 extends =
@@ -538,15 +563,14 @@ extends =
 parts +=
    kedifa-updater
    kedifa-updater-run
+    frontend-haproxy-configuration
    backend-haproxy-configuration
    promise-logrotate-setup
    promise-key-download-url-ready
 {%- for part in part_list %}
 {{ '    %s' % part }}
 {%- endfor %}
-    publish-caddy-information
+    publish
-    tunnel-6to4-base-http_port
-    tunnel-6to4-base-https_port
    promise-expose-csr-ip-port
 cache-access = {{ cache_access }}

--- a/software/caddy-frontend/instance-slave-output-schema.json
+++ b/software/caddy-frontend/instance-slave-output-schema.json
 {
  "$schema": "http://json-schema.org/draft-04/schema#",
-  "description": "Values returned by Caddy Frontend instanciation",
+  "description": "Values returned by Rapid.CDN slave instanciation",
  "properties": {
    "domain": {
      "description": "Base domain used by the instance",

--- a/software/caddy-frontend/instance.cfg.in
+++ b/software/caddy-frontend/instance.cfg.in
@@ -96,9 +96,8 @@ configuration.disk-cache-size = 8G
 configuration.ram-cache-size = 1G
 configuration.re6st-verification-url = http://[2001:67c:1254:4::1]/index.html
 configuration.enable-http2-by-default = true
-configuration.ciphers =
+configuration.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA AES256-SHA AES128-SHA ECDHE-RSA-DES-CBC3-SHA DES-CBC3-SHA
 configuration.request-timeout = 600
-configuration.mpm-graceful-shutdown-timeout = 5
 configuration.frontend-name =
 configuration.backend-connect-timeout = 5
 configuration.backend-connect-retries = 3

--- a/software/caddy-frontend/setup.py
+++ b/software/caddy-frontend/setup.py
--- a/software/caddy-frontend/software.cfg
+++ b/software/caddy-frontend/software.cfg
@@ -3,11 +3,9 @@ extends =
  buildout.hash.cfg
  ../../stack/slapos.cfg
  ../../component/dash/buildout.cfg
-  ../../component/caddy/buildout.cfg
  ../../component/gzip/buildout.cfg
  ../../component/logrotate/buildout.cfg
  ../../component/trafficserver/buildout.cfg
-  ../../component/6tunnel/buildout.cfg
  ../../component/xz-utils/buildout.cfg
  ../../component/rsyslogd/buildout.cfg
  ../../component/haproxy/buildout.cfg
@@ -83,10 +81,11 @@ profile_slave_list = ${profile-slave-list:target}
 # templates
 template_backend_haproxy_configuration = ${template-backend-haproxy-configuration:target}
 template_backend_haproxy_rsyslogd_conf = ${template-backend-haproxy-rsyslogd-conf:target}
-template_caddy_frontend_configuration = ${template-caddy-frontend-configuration:target}
+template_frontend_haproxy_configuration = ${template-frontend-haproxy-configuration:target}
+template_frontend_haproxy_crt_list = ${template-frontend-haproxy-crt-list:target}
+template_frontend_haproxy_rsyslogd_conf = ${template-frontend-haproxy-rsyslogd-conf:target}
 template_lazy_script_call = ${template-lazy-script-call:target}
 template_configuration_state_script = ${template-configuration-state-script:target}
-template_default_slave_virtualhost = ${template-default-slave-virtualhost:target}
 template_empty = ${template-empty:target}
 template_graceful_script = ${template-graceful-script:target}
 template_not_found_html = ${template-not-found-html:target}
@@ -103,11 +102,10 @@ template_expose_csr_nginx_conf = ${template-expose-csr-nginx-conf:target}
 bin_directory = ${buildout:bin-directory}
 # files
-sixtunnel = ${6tunnel:location}
 nginx = ${nginx-output:nginx}
 nginx_mime = ${nginx-output:mime}
-caddy = ${caddy:output}
 haproxy_executable = ${haproxy:location}/sbin/haproxy
+haproxy_quic_executable = ${haproxy-quic:location}/sbin/haproxy
 rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd
 curl = ${curl:location}
 dash = ${dash:location}
@@ -156,13 +154,13 @@ url = ${:_profile_base_location_}/${:filename}
 recipe = slapos.recipe.build:download
 url = ${:_profile_base_location_}/${:_update_hash_filename_}
-[template-caddy-frontend-configuration]
+[template-frontend-haproxy-configuration]
 <=download-template
-[template-not-found-html]
+[template-frontend-haproxy-crt-list]
 <=download-template
-[template-default-slave-virtualhost]
+[template-not-found-html]
 <=download-template
 [template-backend-haproxy-configuration]
@@ -209,6 +207,9 @@ output = ${buildout:directory}/template-wrapper.cfg
 [template-expose-csr-nginx-conf]
 <=download-template
+[template-frontend-haproxy-rsyslogd-conf]
+<=download-template
 [versions]
 kedifa = 0.0.6
 # Modern KeDiFa requires zc.lockfile

--- a/software/caddy-frontend/software.cfg.json
+++ b/software/caddy-frontend/software.cfg.json
 {
-  "description": "Caddy Frontend",
+  "description": "Rapid.CDN",
-  "name": "Caddy Frontend",
+  "name": "Rapid.CDN",
  "serialisation": "xml",
  "software-type": {
    "custom-personal": {

--- a/software/caddy-frontend/software.py
+++ b/software/caddy-frontend/software.py
--- a/software/caddy-frontend/templates/backend-haproxy-rsyslogd.conf.in
+++ b/software/caddy-frontend/templates/backend-haproxy-rsyslogd.conf.in
--- a/software/caddy-frontend/templates/backend-haproxy.cfg.in
+++ b/software/caddy-frontend/templates/backend-haproxy.cfg.in
@@ -60,6 +60,8 @@ frontend http-backend
  bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
  http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
  http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
+  # setup Date
+  http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
 {%- for slave_instance in backend_slave_list -%}
 {{ frontend_entry(slave_instance, 'http', False) }}
 {%- endfor %}
@@ -71,12 +73,14 @@ frontend https-backend
  bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }}
  http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
  http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
+  # setup Date
+  http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
 {%- for slave_instance in backend_slave_list -%}
 {{ frontend_entry(slave_instance, 'https', False) }}
 {%- endfor %}
 {%- for slave_instance in backend_slave_list -%}
 {{ frontend_entry(slave_instance, 'https', True) }}
-{%- endfor %}
+{% endfor %}
 {%- for slave_instance in backend_slave_list %}
 {%-   for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
@@ -122,7 +126,7 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
 {%-           do active_check_list.append('rise %s' % (slave_instance['health-check-rise'])) %}
 {%-           do active_check_list.append('fall %s' % (slave_instance['health-check-fall'])) %}
 {%-           if slave_instance['health-check-http-method'] != 'CONNECT' %}
-{%-             do active_check_option_list.append('option httpchk %s %s %s' % (slave_instance['health-check-http-method'], slave_instance['health-check-http-path'] | urlencode, slave_instance['health-check-http-version'])) %}
+{%-             do active_check_option_list.append('option httpchk %s %s %s' % (slave_instance['health-check-http-method'], slave_instance['health-check-http-path'] | urlencode | replace('%', '%%'), slave_instance['health-check-http-version'])) %}
 {%-           endif %}
 {%-           do active_check_option_list.append('timeout check %ss' % (slave_instance['health-check-timeout'])) %}
 {%-         endif %}
@@ -191,4 +195,5 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}-failover
 {%-       endif %}
 {%-     endif %}
 {%-   endfor %}
-{%- endfor %}
+{% endfor %}
+{# END OF FILE #}
--- a/software/caddy-frontend/templates/configuration-state-script.sh.in
+++ b/software/caddy-frontend/templates/configuration-state-script.sh.in
--- a/software/caddy-frontend/templates/default-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/default-virtualhost.conf.in
@@ -2,11 +2,6 @@
 {%- if slave_parameter['prefer-gzip-encoding-to-backend'] %}
 {%- do proxy_append_list.append(('prefer-gzip', 'Proxy which always overrides Accept-Encoding to gzip if such is found')) %}
 {%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
-{%- if slave_parameter['path'].strip().strip('/') %}
-{%-   set zope_path = slave_parameter['path'].strip().strip('/') ~ '/' %}
-{%- else %}
-{%-   set zope_path = '' %}
-{%- endif %}
 {%- set http_host_list = [] %}
 {%- set https_host_list = [] %}
 {%- for host in slave_parameter['host_list'] %}
@@ -16,32 +11,11 @@
 {%- macro proxy_header() %}
    timeout {{ slave_parameter['request-timeout'] }}s
-    # force reset of X-Forwarded-For
-    header_upstream X-Forwarded-For {remote}
    # workaround for lost connection to haproxy by reconnecting
    try_duration 3s
    try_interval 250ms
-    header_upstream +Via "{proto} rapid-cdn-frontend-{{ slave_parameter['node-id'] }}-{{ slave_parameter['version-hash'] }}"
-{%-   if not slave_parameter['disable-via-header'] %}
-    header_downstream +Via "{proto} rapid-cdn-frontend-{{ slave_parameter['node-id'] }}-{{ slave_parameter['version-hash'] }}"
-{%-   endif %}
 {%- endmacro %} {# proxy_header #}
-{%- macro hsts_header(tls) %}
-{%-   if tls %}
-{%-     if slave_parameter['strict-transport-security'] > 0 %}
-{%-       set strict_transport_security = ['max-age=%i' % (slave_parameter['strict-transport-security'],)] %}
-{%-       if slave_parameter['strict-transport-security-sub-domains'] %}
-{%-         do strict_transport_security.append('; includeSubDomains') %}
-{%-       endif %}
-{%-       if slave_parameter['strict-transport-security-preload'] %}
-{%-         do strict_transport_security.append('; preload') %}
-{%-       endif %}
-    header_downstream Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
-{%-     endif %}
-{%-   endif %}
-{%- endmacro %} {# hsts_header #}
 {%- for tls in [True, False] %}
 {%- if tls %}
 {%-   set backend_url = slave_parameter.get('backend-https-url', slave_parameter['backend-http-url']) %}
@@ -55,16 +29,6 @@
  bind {{ slave_parameter['local_ipv4'] }}
 {%- if tls %}
  tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }} {
-{%- if slave_parameter['ciphers'] %}
-    ciphers {{ slave_parameter['ciphers'] }}
-{%- endif %}
-{%- if slave_parameter['enable_h2'] %}
-    # Allow http2
-    alpn h2 http/1.1
-{%- else %} {#- if slave_parameter['enable_h2'] #}
-    # Disallow HTTP2
-    alpn http/1.1
-{%- endif %} {#- if slave_parameter['enable_h2'] #}
  } {# tls #}
 {%- endif %} {#- if tls #}
  log / {{ slave_parameter['access_log'] }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
@@ -100,75 +64,10 @@
  redir 302 {
    / https://{host}{rewrite_uri}
  }
-{%- elif slave_parameter['type'] ==  'zope' and backend_url %}
-  # Zope configuration
-{%-   for (proxy_name, proxy_comment) in proxy_append_list %}
-  # {{ proxy_comment }}
-  proxy "/{{ proxy_name }}" {{ backend_url }} {
-{{ proxy_header() }}
-{{ hsts_header(tls) }}
-{%-     if proxy_name == 'prefer-gzip' %}
-    without /prefer-gzip
-    header_upstream Accept-Encoding gzip
-{%-     endif %} {#-     if proxy_name == 'prefer-gzip' #}
-{%- for disabled_cookie in slave_parameter['disabled-cookie-list'] %}
-    # Remove cookie {{ disabled_cookie }} from client Cookies
-    header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
-{%- endfor %} {#- for disabled_cookie in slave_parameter['disabled-cookie-list'] #}
-{%-   if slave_parameter['disable-via-header'] %}
-    header_downstream -Via
-{%-   endif %} {#-   if slave_parameter['disable-via-header'] #}
-{%-   if slave_parameter['disable-no-cache-request'] %}
-    header_upstream -Cache-Control
-    header_upstream -Pragma
-{%-   endif %} {#-   if slave_parameter['disable-no-cache-request'] #}
-    transparent
-  } {# proxy #}
-{%-   endfor %} {#-   for (proxy_name, proxy_comment) in proxy_append_list #}
-  {%- if slave_parameter['default-path'] %}
-  redir 301 {
-    if {path} is /
-    / {scheme}://{host}/{{ slave_parameter['default-path'] }}
-  } {# redir #}
-  {%- endif %} {#- if slave_parameter['default-path'] #}
-{%- if slave_parameter['prefer-gzip-encoding-to-backend'] and not (not tls and slave_parameter['https-only']) %}
-  rewrite {
-    regexp (.*)
-    if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
-{%- if tls %}
-    to /prefer-gzip/VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
-{%- else %}
-    to /prefer-gzip/VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
-{%- endif %}
  }
  rewrite {
    regexp (.*)
    if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
-{%- if tls %}
-    to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
-{%- else %}
-    to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
-{%- endif %}
-  }
-{%- else %}
-  rewrite {
-    regexp (.*)
-{%- if tls %}
-    to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
-{%- else %}
-    to /VirtualHostBase/{scheme}%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ zope_path }}VirtualHostRoot/{1}
-{%- endif %}
-  } {# rewrite #}
-{%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
-{%- elif slave_parameter['type'] == 'redirect' %}
-{%-   if backend_url %}
-  # Redirect configuration
-  redir 302 {
-    /  {{ backend_url }}{rewrite_uri}
-  }
-{%-   endif %}
 {%- elif slave_parameter['type'] == 'notebook' %}
  proxy / {{ backend_url }} {
 {{ proxy_header() }}
@@ -186,36 +85,6 @@
    websocket
    without /proxy/
  }
-{%- elif slave_parameter['type'] == 'websocket' %}
-{%-   if slave_parameter['websocket-path-list'] %}
-  proxy / {{ backend_url }} {
-{{ proxy_header() }}
-{{ hsts_header(tls) }}
-{%-     if slave_parameter['websocket-transparent'] %}
-    transparent
-{%-     else %}
-    header_upstream Host {host}
-{%-     endif %}
-  }
-{%-     for websocket_path in slave_parameter['websocket-path-list'] %}
-  proxy "/{{ websocket_path }}" {{ backend_url }} {
-{{ proxy_header() }}
-{{ hsts_header(tls) }}
-    websocket
-{%-       if slave_parameter['websocket-transparent'] %}
-    transparent
-{%-       else %}
-    header_upstream Host {host}
-{%-       endif %}
-  }
-{%-     endfor %}
-{%-   else %}
-  proxy / {{ backend_url }} {
-{{ proxy_header() }}
-{{ hsts_header(tls) }}
-    websocket
-{%-   if slave_parameter['websocket-transparent'] %}
-    transparent
 {%-   else %}
    header_upstream Host {host}
 {%-   endif %}
@@ -223,12 +92,6 @@
 {%-   endif %}
 {%- else %} {#- if slave_parameter['type'] ==  'zope' and backend_url #}
  # Default configuration
-{%-   if slave_parameter['default-path'] %}
-  redir 301 {
-    if {path} is /
-    / {scheme}://{host}/{{ slave_parameter['default-path'] }}
-  }  {# redir #}
-{%-   endif %} {#-   if slave_parameter['default-path'] #}
 {%-   if backend_url %}
 {%-   for (proxy_name, proxy_comment) in proxy_append_list %}

--- a/software/caddy-frontend/templates/empty.in
+++ b/software/caddy-frontend/templates/empty.in
--- a/software/caddy-frontend/templates/expose-csr-nginx.conf.in
+++ b/software/caddy-frontend/templates/expose-csr-nginx.conf.in
--- a/software/rapid-cdn/templates/frontend-haproxy-crt-list.in
+++ b/software/rapid-cdn/templates/frontend-haproxy-crt-list.in
+{%- for slave in frontend_slave_list %}
+{%-   set entry_list = [] %}
+{%-   set sslbindconf = [] %}
+{#-   <crtfile> #}
+{%-   do entry_list.append(slave['certificate']) %}
+{%-   if slave['ciphers'] %}
+{%-     do sslbindconf.append('ciphers %s' % (slave['ciphers']),) %}
+{%-   endif %}
+{%-   if slave['enable_h2'] %}
+{%-     do sslbindconf.append('alpn h2,http/1.1,http/1.0') %}
+{%-   else %}
+{%-     do sslbindconf.append('alpn http/1.1,http/1.0') %}
+{%-   endif %}
+{%-   do entry_list.append('[' + ' '.join(sslbindconf) + ']') %}
+{#-   <snifilter> #}
+{%-   do entry_list.extend(slave['host_list']) %}
+{{-    ' '.join(entry_list) }}
+{% endfor -%}
+# Fallback to default certificate
+{{ configuration['master-certificate'] }}
+# END OF FILE
--- a/software/rapid-cdn/templates/frontend-haproxy-rsyslogd.conf.in
+++ b/software/rapid-cdn/templates/frontend-haproxy-rsyslogd.conf.in
+module(
+  load="imuxsock"
+  SysSock.Name="{{ configuration['log-socket'] }}")
+# Just simply output the raw line without any additional information, as
+# haproxy emits enough information by itself
+# Also cut out first empty space in msg, which is related to rsyslogd
+# internal and end up cutting on 8k, as it's default of $MaxMessageSize
+template(name="rawoutput" type="string" string="%msg:2:8192%\n")
+$ActionFileDefaultTemplate rawoutput
+$FileCreateMode 0600
+$DirCreateMode 0700
+$Umask 0022
+$WorkDirectory {{ configuration['spool-directory'] }}
+# Setup logging per slave, by extracting the slave name from the log stream
+{%- set regex = "^\\\\s*(\\\\S.*)-https{0,1} (.*)" %}
+# Extract file name part from 1st match
+template(name="extract_slave_name" type="string" string="%msg:R,ERE,1,FIELD:{{ regex }}--end%")
+set $!slave_name = exec_template("extract_slave_name");
+template(name="slave_output" type="string" string="{{ configuration['slave-log-directory'] }}/%$!slave_name%_access_log")
+# Output only 2nd match, add the newline in the ned
+template(name="haproxy_slave_line" type="string" string="%msg:R,ERE,2,FIELD:{{ regex }}--end%\n")
+# React on match
+if (re_match($msg, '{{ regex }}')) then {
+ action(type="omfile" dynaFile="slave_output" template="haproxy_slave_line")
+ stop
+}
+{#- emit all not catched messages to full log file #}
+*.* {{ configuration['log-file'] }}
--- a/software/rapid-cdn/templates/frontend-haproxy.cfg.in
+++ b/software/rapid-cdn/templates/frontend-haproxy.cfg.in
+{%- if configuration['quic'] == 'True' %}
+{%-   set QUIC = True %}
+{%- else %}
+{%-   set QUIC = False %}
+{%- endif %}
+global
+  pidfile {{ configuration['pid-file'] }}
+  # master-worker is compatible with foreground with process management
+  master-worker
+  expose-experimental-directives
+  log {{ configuration['log-socket'] }} local0
+defaults
+  mode http
+  log global
+  option httplog
+  timeout queue 60s
+  timeout server {{ configuration['request-timeout'] }}s
+  timeout client {{ configuration['request-timeout'] }}s
+  timeout connect 2s
+  retries 3
+  timeout tunnel 1h
+  default-server init-addr last,libc,none
+{%- set SCHEME_PREFIX_MAPPING = { 'http': 'backend-http-info', 'https': 'backend-https-info'} %}
+{%- macro frontend_entry(slave_instance, scheme, wildcard) %}
+{#-   wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
+{#-   if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] #}
+{%-     set host_list = (slave_instance.get('server-alias') or  '').split() %}
+{%-     if slave_instance.get('custom_domain') not in host_list %}
+{%-       do host_list.append(slave_instance.get('custom_domain')) %}
+{%-     endif %}
+{%-     set matched = {'count': 0} %}
+{%-     for host in host_list %}
+{#-       Match up to the end or optional port (starting with ':') #}
+{#-       Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
+{%-       if wildcard and host.startswith('*.') %}
+{%-         do matched.__setitem__('count', matched['count'] + 1) %}
+# match wildcard {{ host }}
+  acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i {{ host[2:] }}($|:.*)
+{%-       elif not wildcard and not host.startswith('*.') %}
+{%-         do matched.__setitem__('count', matched['count'] + 1) %}
+  acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i ^{{ host }}($|:.*)
+{%-       endif %}
+{%-     endfor %}
+{%-     if matched['count'] > 0 %}
+  use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}
+{%-     endif %}
+{#-   endif #}
+{%- endmacro %}
+{%- macro frontend_common() %}
+  # normalize URIs as it's expected by the backends
+  http-request normalize-uri path-merge-slashes
+  http-request normalize-uri path-strip-dot
+  http-request normalize-uri path-strip-dotdot
+  # Combined Log Format
+  capture request header REMOTE_USER len 255
+  capture request header Referer len 255
+  capture request header User-Agent len 255
+  log-format "%{+E}o %b %ci - %[capture.req.hdr(0)] [%trl] \"%HM %HU %HV\" %ST %B \"%[capture.req.hdr(1)]\" \"%[capture.req.hdr(2)]\" %Ta"
+  # setup Via
+  http-request add-header Via "%HV rapid-cdn-frontend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
+  # setup X-Forwarded-For
+  http-request set-header X-Forwarded-For "%ci"
+{%- endmacro %}
+frontend http-frontend
+  bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
+  bind {{ configuration['global-ipv6'] }}:{{ configuration['http-port'] }}
+{{ frontend_common() }}
+{%- for slave_instance in frontend_slave_list -%}
+{{ frontend_entry(slave_instance, 'http', False) }}
+{%- endfor %}
+{%- for slave_instance in frontend_slave_list -%}
+{{ frontend_entry(slave_instance, 'http', True) }}
+{%- endfor %}
+  default_backend BACKEND_NOT_FOUND
+frontend https-frontend
+  bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }}
+  bind {{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }}
+{%- if QUIC %}
+  bind quic4@{{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
+  bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
+  http-response set-header alt-svc "h3=\":%fp\";ma=900;"
+  {#- Ask Chromium to use QUIC #}
+  http-response set-header alternate-protocol %fp:quic
+{%- endif %}
+{{ frontend_common() }}
+{%- for slave_instance in frontend_slave_list -%}
+{{ frontend_entry(slave_instance, 'https', False) }}
+{%- endfor %}
+{%- for slave_instance in frontend_slave_list -%}
+{{ frontend_entry(slave_instance, 'https', True) }}
+{%- endfor %}
+  default_backend BACKEND_NOT_FOUND
+# Backends
+{%- for slave_instance in frontend_slave_list %}
+{%-   for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
+{%-     set info_dict = slave_instance.get(prefix, slave_instance.get('backend-http-info')) %}
+backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
+{%-     if scheme == 'http' and slave_instance['https-only'] %}
+{#-     Support https-only if connected via http #}
+  redirect scheme https code 302
+{%-     else %}
+{%-       if 'hostname' in info_dict and 'port' in info_dict %}
+{%-         if slave_instance['type'] == 'redirect' %}
+  redirect prefix {{ info_dict['scheme'] }}://{{ info_dict['hostname'] }}:{{ info_dict['port'] }} code 302
+{%-         else %}
+  server {{ slave_instance['slave_reference'] }}-backend-{{ scheme }} {{ info_dict['hostname'] }}:{{ info_dict['port'] }}
+{%-           if slave_instance['disable-via-header'] %}
+  http-response del-header Via
+{%-           else %}
+  http-response add-header Via "%HV rapid-cdn-frontend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
+{%-           endif %}
+{%-           if scheme == 'https' %}
+{%-             if slave_instance['strict-transport-security'] > 0 %}
+{%-               set strict_transport_security = ['max-age=%i' % (slave_instance['strict-transport-security'],)] %}
+{%-               if slave_instance['strict-transport-security-sub-domains'] %}
+{%-                 do strict_transport_security.append('; includeSubDomains') %}
+{%-               endif %}
+{%-               if slave_instance['strict-transport-security-preload'] %}
+{%-                 do strict_transport_security.append('; preload') %}
+{%-               endif %}
+  http-response set-header Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
+{%-             endif %}
+{%-           endif %}
+{%-           for disabled_cookie in slave_instance['disabled-cookie-list'] %}
+  http-request replace-header Cookie (.*)(^{{ disabled_cookie | replace('%', '%%') }}=[^;]*;\ |;\ {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*) \1\3
+{%-           endfor %}
+{%-           if slave_instance['disable-no-cache-request'] %}
+  http-request del-header Cache-Control
+  http-request del-header Pragma
+{%-           endif %}
+{%-           if slave_instance['prefer-gzip-encoding-to-backend'] %}
+  http-request set-header Accept-Encoding gzip if { hdr(Accept-Encoding) -m sub gzip }
+{%-           endif %}
+{%-           if slave_instance['type'] == 'notebook' %}
+{#-             In haproxy world type:notebook is simple type:websocket with default parameters #}
+{%-             do slave_instance.__setitem__('type', 'websocket') %}
+{%-             do slave_instance.__setitem__('websocket-path-list', None) %}
+{%-             do slave_instance.__setitem__('websocket-transparent', True) %}
+{%-           endif %}
+{%-           if slave_instance['type'] == 'websocket' %}
+{%-             if slave_instance['websocket-path-list'] %}
+{%-               set acl_entry = ['acl is_websocket '] %}
+{%-               for path in slave_instance['websocket-path-list'] %}
+{%-                 do acl_entry.append('path -i -m beg /%s || ' % (path.replace('%', '%%'),)) %}
+{%-               endfor %}
+{%-               do acl_entry.append('always_false') %}
+  {{ ''.join(acl_entry) }}
+{%-             else %}
+  acl is_websocket always_true
+{%-             endif %}
+  http-request set-header X-Forwarded-Proto {{ scheme }} if !is_websocket
+  http-request set-header X-Forwarded-Port {{ configuration[scheme + '-port'] }} if !is_websocket
+{%-             if slave_instance['websocket-transparent'] %}
+  http-request set-header X-Real-Ip "%ci" if is_websocket
+  http-request set-header X-Forwarded-Proto {{ scheme }} if is_websocket
+  http-request set-header X-Forwarded-Port {{ configuration[scheme + '-port'] }} if is_websocket
+{%-             else %}
+{#-               Pass-thourgh: X-Forwarded-Proto, X-Forwarded-Port #}
+{%-             endif %}
+{%-           else %}
+  http-request set-header X-Forwarded-Proto {{ scheme }}
+  http-request set-header X-Forwarded-Port {{ configuration[scheme + '-port'] }}
+{%-           endif %} {# if slave_instance['type'] == 'websocket' #}
+{%-           if slave_instance['type'] == 'zope' %}
+{%-             if slave_instance['default-path'] %}
+  http-request redirect location {{ scheme}}://%[hdr(host)]/{{ slave_instance['default-path'] | replace('%', '%%') }} code 301 if { path / }
+{%-               set not_path_acl = 'if ! { path / }' %}
+{%-             else %}
+{%-               set not_path_acl = '' %}
+{%-             endif %}
+{%-             if slave_instance['path'].strip().strip('/') %}
+{%-               set zope_path = slave_instance['path'].strip().strip('/').replace('%', '%%') ~ '/' %}
+{%-             else %}
+{%-               set zope_path = '' %}
+{%-             endif %}
+  http-request set-path /VirtualHostBase/{{ scheme }}/%[req.hdr(Host),field(1,:)]:{{ slave_instance['virtualhostroot-%s-port' % (scheme,)] }}/{{ zope_path }}VirtualHostRoot%[path] {{ not_path_acl }}
+{%-           endif %}
+{%-           if info_dict['path'] %}
+  http-request set-path {{ info_dict['path'] }}%[path]
+{%-           endif %} {# if info_dict['path'] #}
+{%-         endif %} {# if slave_instance['type'] == 'redirect' #}
+{%-       endif %} {# if 'hostname' in info_dict and 'port' in info_dict #}
+{%-     endif %} {# if scheme == 'http' and slave_instance['https-only'] #}
+{%-   endfor %} {# for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() #}
+{%- endfor %} {# for slave_instance in frontend_slave_list #}
+backend BACKEND_NOT_FOUND
+  {#- a bit hacky but working way to provide default CDN's 404 #}
+  {#- inspired by https://sleeplessbeastie.eu/2020/05/11/how-to-serve-single-file-using-haproxy/ #}
+  http-request set-log-level silent
+  errorfile 503 {{ configuration['not-found-file'] }}
+{# END OF FILE #}
--- a/software/caddy-frontend/templates/graceful-script.sh.in
+++ b/software/caddy-frontend/templates/graceful-script.sh.in
--- a/software/caddy-frontend/templates/lazy-script-call.sh.in
+++ b/software/caddy-frontend/templates/lazy-script-call.sh.in
--- a/software/caddy-frontend/templates/notfound.html
+++ b/software/caddy-frontend/templates/notfound.html
+HTTP/1.0 404 Not Found
+Cache-Control: no-cache
+Connection: close
+Content-Type: text/html
 <html>
 <head>
  <title>Instance not found</title>

--- a/software/caddy-frontend/templates/rotate-script.sh.in
+++ b/software/caddy-frontend/templates/rotate-script.sh.in
--- a/software/caddy-frontend/templates/slave-introspection-httpd-nginx.conf.in
+++ b/software/caddy-frontend/templates/slave-introspection-httpd-nginx.conf.in
--- a/software/caddy-frontend/templates/trafficserver/logging.yaml.jinja2
+++ b/software/caddy-frontend/templates/trafficserver/logging.yaml.jinja2
--- a/software/caddy-frontend/templates/trafficserver/records.config.jinja2
+++ b/software/caddy-frontend/templates/trafficserver/records.config.jinja2
--- a/software/caddy-frontend/templates/trafficserver/storage.config.jinja2
+++ b/software/caddy-frontend/templates/trafficserver/storage.config.jinja2
--- a/software/caddy-frontend/templates/validate-script.sh.in
+++ b/software/caddy-frontend/templates/validate-script.sh.in
--- a/software/caddy-frontend/templates/wrapper.in
+++ b/software/caddy-frontend/templates/wrapper.in
--- a/software/caddy-frontend/test/setup.py
+++ b/software/caddy-frontend/test/setup.py
@@ -27,11 +27,11 @@
 from setuptools import setup, find_packages
 version = '0.0.1.dev0'
-name = 'slapos.test.caddy-frontend'
+name = 'slapos.test.rapid-cdn'
 setup(name=name,
      version=version,
-      description="Test for SlapOS' Caddy Frontend",
+      description="Test for SlapOS' Rapid.CDN",
      maintainer="Nexedi",
      maintainer_email="info@nexedi.com",
      url="https://lab.nexedi.com/nexedi/slapos",

--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -33,7 +33,7 @@ from requests_toolbelt.adapters import source
 import json
 import multiprocessing
 import subprocess
-from unittest import skip, expectedFailure
+from unittest import skip
 import ssl
 from http.server import HTTPServer
 from http.server import BaseHTTPRequestHandler
@@ -406,7 +406,7 @@ class TestDataMixin(object):
    # test00 name chosen to be run just after setup
    self._test_file_list(['var', 'run'], [
      # can't be sure regarding its presence
-      'caddy_configuration_last_state',
+      'frontend_haproxy_configuration_last_state',
      'validate_configuration_state_signature',
      # run by cron from time to time
      'monitor/monitor-collect.pid',
@@ -430,11 +430,6 @@ class TestDataMixin(object):
    data_replacement_dict = {
      '{hash-generic}': generateHashFromFiles(hash_file_list)
    }
-    for caddy_wrapper_path in glob.glob(os.path.join(
-      self.instance_path, '*', 'bin', 'caddy-wrapper')):
-      partition_id = caddy_wrapper_path.split('/')[-3]
-      data_replacement_dict['{hash-caddy-%s}' % (partition_id)] = \
-          generateHashFromFiles([caddy_wrapper_path] + hash_file_list)
    for backend_haproxy_wrapper_path in glob.glob(os.path.join(
      self.instance_path, '*', 'bin', 'backend-haproxy-wrapper')):
      partition_id = backend_haproxy_wrapper_path.split('/')[-3]
@@ -708,7 +703,8 @@ class TestHandler(BaseHTTPRequestHandler):
        response = base64.b64decode(self.headers['x-reply-body'])
    time.sleep(timeout)
-    self.send_response(status_code)
+    self.send_response_only(status_code)
+    self.send_header('Server', self.server_version)
    for key, value in list(header_dict.items()):
      self.send_header(key, value)
@@ -937,8 +933,8 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
        time.sleep(2)
      # assert that in the worst case last run was correct
      assert return_code == 0, output
-      # give caddy a moment to refresh its config, as sending signal does not
+      # give haproxy a moment to refresh its config, as sending signal does not
-      # block until caddy is refreshed
+      # block until haproxy is refreshed
      time.sleep(2)
  @classmethod
@@ -989,15 +985,11 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
  def assertResponseHeaders(
    self, result, cached=False, via=True, backend_reached=True):
    headers = result.headers.copy()
-    self.assertKeyWithPop('Date', headers)
+    self.assertKeyWithPop('Content-Length', headers)
-    # drop vary-keys
-    headers.pop('Connection', None)
-    headers.pop('Content-Length', None)
-    headers.pop('Keep-Alive', None)
-    headers.pop('Transfer-Encoding', None)
    if backend_reached:
      self.assertEqual('TestBackend', headers.pop('Server', ''))
+      self.assertKeyWithPop('Date', headers)
    via_id = '%s-%s' % (
      self.node_information_dict['node-id'],
@@ -1047,17 +1039,9 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
    )
    self.assertEqual(
      sorted([q['name'] for q in result.json()]),
-      ['access.log', 'backend.log', 'error.log'])
+      ['access.log', 'backend.log'])
-    self.assertEqual(
+    # assert only for few tests, as logs are available for sure only
-      http.client.OK,
+    # for few of them
-      requests.get(url + 'access.log', verify=False).status_code
-    )
-    self.assertEqual(
-      http.client.OK,
-      requests.get(url + 'error.log', verify=False).status_code
-    )
-    # assert only for few tests, as backend log is not available for many of
-    # them, as it's created on the fly
    for test_name in [
      'test_url', 'test_auth_to_backend', 'test_compressed_result']:
      if self.id().endswith(test_name):
@@ -1065,6 +1049,10 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
          http.client.OK,
          requests.get(url + 'backend.log', verify=False).status_code
        )
+        self.assertEqual(
+          http.client.OK,
+          requests.get(url + 'access.log', verify=False).status_code
+        )
  def assertKedifaKeysWithPop(self, parameter_dict, prefix=''):
    generate_auth_url = parameter_dict.pop('%skey-generate-auth-url' % (
@@ -1229,13 +1217,13 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
        break
  @classmethod
-  def waitForCaddy(cls):
+  def waitForFrontend(cls):
    def method():
      fakeHTTPSResult(
        cls._ipv4_address,
        '/',
      )
-    cls.waitForMethod('waitForCaddy', method)
+    cls.waitForMethod('waitForFrontend', method)
  @classmethod
  def _cleanup(cls, snapshot_name):
@@ -1250,7 +1238,7 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
          os.environ.get(
              'SLAPOS_TEST_WORKING_DIR',
              os.path.join(os.getcwd(), '.slapos'))),
-          'caddy-frontend-test')
+          'rapid-cdn-test')
      if not os.path.isdir(cls.working_directory):
        os.mkdir(cls.working_directory)
@@ -1282,7 +1270,7 @@ class HttpFrontendTestCase(SlapOSInstanceTestCase):
      cls.software_path = os.path.realpath(os.path.join(
          cls.computer_partition_root_path, 'software_release'))
      cls.setUpMaster()
-      cls.waitForCaddy()
+      cls.waitForFrontend()
    except BaseException:
      cls.logger.exception("Error during setUpClass")
      # "{}.{}.setUpClass".format(cls.__module__, cls.__name__) is already used
@@ -1450,10 +1438,16 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
        self.instance_path, '*', 'var', 'log', 'httpd', log_name
      ))[0]
-    with open(log_file) as fh:
+    # sometimes logs appear with a bit of delay, so give it a chance
-      self.assertRegex(
+    for _ in range(5):
-        fh.readlines()[-1],
+      with open(log_file, 'r') as fh:
-        log_regexp)
+        line = fh.readlines()[-1]
+      if re.match(log_regexp, line):
+        break
+      time.sleep(0.5)
+    self.assertRegex(
+      line,
+      log_regexp)
 class TestMasterRequestDomain(HttpFrontendTestCase, TestDataMixin):
@@ -1646,7 +1640,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      'plain_http_port': HTTP_PORT,
      'kedifa_port': KEDIFA_PORT,
      'caucase_port': CAUCASE_PORT,
-      'mpm-graceful-shutdown-timeout': 2,
      'request-timeout': '12',
    }
@@ -1925,7 +1918,19 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      },
      'ciphers': {
        'ciphers': 'RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA',
-      }
+      },
+      'ciphers-translation-all': {
+        # all ciphers from instance-master.cfg.in found in GOOD_CIPHER_LIST
+        # and keys of CIPHER_TRANSLATION_DICT in order to check translations
+        'ciphers':
+        'ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 '
+        'ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 '
+        'ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 '
+        'ECDHE-RSA-AES256-CBC-SHA ECDHE-RSA-AES128-CBC-SHA '
+        'ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA '
+        'RSA-AES256-CBC-SHA RSA-AES128-CBC-SHA ECDHE-RSA-3DES-EDE-CBC-SHA '
+        'RSA-3DES-EDE-CBC-SHA',
+      },
    }
  monitor_setup_url_key = 'monitor-setup-url'
@@ -2095,15 +2100,38 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
      'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
      'domain': 'example.com',
-      'accepted-slave-amount': '55',
+      'accepted-slave-amount': '56',
      'rejected-slave-amount': '0',
-      'slave-amount': '55',
+      'slave-amount': '56',
      'rejected-slave-dict': {
      },
      'warning-slave-dict': {
        '_Url': [
          "slave url ' %(backend)s/?a=b&c= ' has been converted to "
-          "'%(backend)s/?a=b&c='" % {'backend': self.backend_url}]}
+          "'%(backend)s/?a=b&c='" % {'backend': self.backend_url}],
+        '_ciphers': [
+          "Cipher 'RSA-3DES-EDE-CBC-SHA' translated to 'DES-CBC3-SHA'",
+          "Cipher 'RSA-AES128-CBC-SHA' translated to 'AES128-SHA'"],
+        '_ciphers-translation-all': [
+          "Cipher 'ECDHE-ECDSA-AES128-CBC-SHA' translated to "
+          "'ECDHE-ECDSA-AES128-SHA'",
+          "Cipher 'ECDHE-ECDSA-AES256-CBC-SHA' translated to "
+          "'ECDHE-ECDSA-AES256-SHA'",
+          "Cipher 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305' translated to "
+          "'ECDHE-ECDSA-CHACHA20-POLY1305'",
+          "Cipher 'ECDHE-RSA-3DES-EDE-CBC-SHA' translated to "
+          "'ECDHE-RSA-DES-CBC3-SHA'",
+          "Cipher 'ECDHE-RSA-AES128-CBC-SHA' translated to "
+          "'ECDHE-RSA-AES128-SHA'",
+          "Cipher 'ECDHE-RSA-AES256-CBC-SHA' translated to "
+          "'ECDHE-RSA-AES256-SHA'",
+          "Cipher 'ECDHE-RSA-WITH-CHACHA20-POLY1305' translated to "
+          "'ECDHE-RSA-CHACHA20-POLY1305'",
+          "Cipher 'RSA-3DES-EDE-CBC-SHA' translated to 'DES-CBC3-SHA'",
+          "Cipher 'RSA-AES128-CBC-SHA' translated to 'AES128-SHA'",
+          "Cipher 'RSA-AES256-CBC-SHA' translated to 'AES256-SHA'"]
+      }
    }
    self.assertEqual(
@@ -2163,11 +2191,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      expected_node_information
    )
-  def test_slave_partition_state(self):
-    partition_path = self.getSlavePartitionPath()
-    with open(os.path.join(partition_path, 'bin', 'caddy-wrapper')) as fh:
-      self.assertIn('-grace 2s', fh.read())
  def test_monitor_conf(self):
    monitor_conf_list = glob.glob(
      os.path.join(
@@ -2249,25 +2272,23 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
        self.assertFalse('connection-parameter-hash' in line)
        self.assertFalse('timestamp' in line)
-  def assertBackendHeaders(
+  def assertRequestHeaders(
-    self, backend_header_dict, domain, source_ip=SOURCE_IP, port=HTTPS_PORT,
+    self, header_dict, domain=None, source_ip=SOURCE_IP,
-    proto='https', ignore_header_list=None, cached=False):
+    port=HTTPS_PORT, proto='https', cached=False):
-    if ignore_header_list is None:
+    if domain is not None:
-      ignore_header_list = []
-    if 'Host' not in ignore_header_list:
      self.assertEqual(
-        backend_header_dict['host'],
+        header_dict['host'],
        '%s:%s' % (domain, port))
    self.assertEqual(
-      backend_header_dict['x-forwarded-for'],
+      header_dict['x-forwarded-for'],
      source_ip
    )
    self.assertEqual(
-      backend_header_dict['x-forwarded-port'],
+      header_dict['x-forwarded-port'],
      port
    )
    self.assertEqual(
-      backend_header_dict['x-forwarded-proto'],
+      header_dict['x-forwarded-proto'],
      proto
    )
    via_id = '%s-%s' % (
@@ -2281,7 +2302,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
          'http/1.1 rapid-cdn-cache-%(via_id)s' % dict(via_id=via_id),
          'HTTP/1.1 rapid-cdn-backend-%(via_id)s' % dict(via_id=via_id)
        ],
-        backend_header_dict['via']
+        header_dict['via']
      )
    else:
      self.assertEqual(
@@ -2290,18 +2311,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
          'HTTP/1.1 rapid-cdn-frontend-%(via_id)s' % dict(via_id=via_id),
          'HTTP/1.1 rapid-cdn-backend-%(via_id)s' % dict(via_id=via_id)
        ],
-        backend_header_dict['via']
+        header_dict['via']
      )
-  def test_telemetry_disabled(self):
-    # here we trust that telemetry not present in error log means it was
-    # really disabled
-    error_log_file = glob.glob(
-      os.path.join(
-       self.instance_path, '*', 'var', 'log', 'frontend-error.log'))[0]
-    with open(error_log_file) as fh:
-      self.assertNotIn('Sending telemetry', fh.read(), 'Telemetry enabled')
  def test_url(self):
    parameter_dict = self.assertSlaveBase(
      'Url',
@@ -2336,7 +2348,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    self.assertEqual(j['Incoming Headers']['timeout'], '10')
    self.assertFalse('Content-Encoding' in headers)
-    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
+    self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
    self.assertEqual(
      'secured=value;secure, nonsecured=value',
@@ -2373,6 +2385,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    headers = self.assertResponseHeaders(
      result_http, via=False, backend_reached=False)
    self.assertEqual(
      'https://url.example.com:%s/test-path/deeper' % (HTTP_PORT,),
      headers['Location']
@@ -2396,6 +2409,19 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    self.assertIn("backend _Url-http\n", content)
    self.assertNotIn("backend _Url-https\n", content)
+    # check out access via IPv6
+    out_ipv6, err_ipv6 = self._curl(
+      parameter_dict['domain'], self._ipv6_address, HTTPS_PORT)
+    try:
+      j = json.loads(out_ipv6.decode())
+    except Exception:
+      raise ValueError('JSON decode problem in:\n%s' % (out_ipv6.decode(),))
+    self.assertEqual(
+       self._ipv6_address,
+       j['Incoming Headers']['x-forwarded-for']
+    )
  def test_url_netloc_list(self):
    parameter_dict = self.assertSlaveBase('url-netloc-list')
    result = fakeHTTPSResult(parameter_dict['domain'], 'path')
@@ -2443,7 +2469,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      self.assertEqual(j['Incoming Headers']['timeout'], '10')
      self.assertFalse('Content-Encoding' in result.headers)
-      self.assertBackendHeaders(
+      self.assertRequestHeaders(
         j['Incoming Headers'], parameter_dict['domain'])
      self.assertEqual(
@@ -2518,7 +2544,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    self.assertEqual(j['Incoming Headers']['timeout'], '10')
    self.assertFalse('Content-Encoding' in result.headers)
-    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
+    self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
    self.assertEqual(
      'secured=value;secure, nonsecured=value',
@@ -2607,40 +2633,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      }
    )
-    self.assertEqual(
+    self.assertNotIn('Content-Type', result.headers)
-      'text/xml; charset=utf-8',
-      result.headers['Content-Type']
-    )
-  @skip('Feature postponed')
-  def test_url_ipv6_access(self):
-    parameter_dict = self.parseSlaveParameterDict('url')
-    self.assertLogAccessUrlWithPop(parameter_dict)
-    self.assertEqual(
-      {
-        'domain': 'url.example.com',
-        'replication_number': '1',
-        'url': 'http://url.example.com',
-        'site_url': 'http://url.example.com',
-        'secure_access': 'https://url.example.com',
-      },
-      parameter_dict
-    )
-    result_ipv6 = fakeHTTPSResult(
-      parameter_dict['domain'], self._ipv6_address, 'test-path',
-      source_ip=self._ipv6_address)
-    self.assertEqual(
-       self._ipv6_address,
-       result_ipv6.json()['Incoming Headers']['x-forwarded-for']
-    )
-    self.assertEqual(
-      self.certificate_pem,
-      der2pem(result_ipv6.peercert))
-    self.assertEqualResultJson(result_ipv6, 'Path', '/test-path')
  def test_type_zope_path(self):
    parameter_dict = self.assertSlaveBase('type-zope-path')
@@ -2749,7 +2742,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    self.assertEqual(j['Incoming Headers']['timeout'], '10')
    self.assertFalse('Content-Encoding' in result.headers)
-    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
+    self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
    self.assertEqual(
      'secured=value;secure, nonsecured=value',
@@ -3057,7 +3050,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      j = result.json()
    except Exception:
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
+    self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
    self.assertEqualResultJson(
      result,
@@ -3076,7 +3069,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    )
    self.assertEqual(
-      'https://typezope.example.com:%s/test-path/deep/.././deeper' % (
+      'https://typezope.example.com:%s/test-path/deeper' % (
        HTTP_PORT,),
      result.headers['Location']
    )
@@ -3097,7 +3090,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      j = result.json()
    except Exception:
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
+    self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
    self.assertEqualResultJson(
      result,
@@ -3132,7 +3125,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      j = result.json()
    except Exception:
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
+    self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
    self.assertEqualResultJson(
      result,
@@ -3175,7 +3168,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      j = result.json()
    except Exception:
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
+    self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
    self.assertEqualResultJson(
      result,
@@ -3195,7 +3188,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    )
    self.assertEqual(
-      'https://%s:%s/test-path/deep/.././deeper' % (
+      'https://%s:%s/test-path/deeper' % (
        parameter_dict['domain'], HTTP_PORT),
      result.headers['Location']
    )
@@ -3213,7 +3206,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      j = result.json()
    except Exception:
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
+    self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
    self.assertEqualResultJson(
      result,
@@ -3236,7 +3229,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    )
    self.assertEqual(
-      'https://%s:%s/test-path/deep/.././deeper' % (
+      'https://%s:%s/test-path/deeper' % (
        parameter_dict['domain'], HTTP_PORT),
      result.headers['Location']
    )
@@ -3274,29 +3267,35 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    )
  def test_type_notebook(self):
+    # CDN's type:notebook in haproxy world is simply like type:websocket on
+    # default parameters, so test has been adapted
+    # generally, websocket is possible to be served on any path, which is
+    # haproxy default
    parameter_dict = self.assertSlaveBase('type-notebook')
    result = fakeHTTPSResult(
-      parameter_dict['domain'],
+      parameter_dict['domain'], 'test-path',
-      'test-path',
+      headers={'Connection': 'Upgrade'})
-      HTTPS_PORT)
    self.assertEqual(
      self.certificate_pem,
      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
+    self.assertEqualResultJson(
+      result,
-    result = fakeHTTPSResult(
+      'Path',
-      parameter_dict['domain'],
+      '/test-path'
-      'test/terminals/websocket/test',
+    )
-      HTTPS_PORT)
+    try:
+      j = result.json()
+    except Exception:
+      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
+    self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
    self.assertEqual(
-      self.certificate_pem,
+      'Upgrade',
-      der2pem(result.peercert))
+      j['Incoming Headers']['connection']
+    )
-    self.assertEqualResultJson(result, 'Path', '/terminals/websocket')
+    self.assertTrue('x-real-ip' in j['Incoming Headers'])
    self.assertFalse(
      isHTTP2(parameter_dict['domain']))
@@ -3321,7 +3320,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      j = result.json()
    except Exception:
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
+    self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
    self.assertEqual(
      'Upgrade',
      j['Incoming Headers']['connection']
@@ -3351,10 +3350,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      j = result.json()
    except Exception:
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    parsed = urllib.parse.urlparse(self.backend_url)
+    self.assertRequestHeaders(
-    self.assertBackendHeaders(
+      j['Incoming Headers'], port='17', proto='irc')
-      j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
-      ignore_header_list=['Host'])
    self.assertEqual(
      'Upgrade',
      j['Incoming Headers']['connection']
@@ -3386,8 +3383,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      j = result.json()
    except Exception:
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
+    self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
-    self.assertTrue('x-real-ip' in j['Incoming Headers'])
+    self.assertFalse('x-real-ip' in j['Incoming Headers'])
    result = fakeHTTPSResult(
      parameter_dict['domain'], 'ws/test-path',
@@ -3404,7 +3401,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      j = result.json()
    except Exception:
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
+    self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
    self.assertEqual(
      'Upgrade',
      j['Incoming Headers']['connection']
@@ -3426,7 +3423,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      j = result.json()
    except Exception:
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
+    self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
    self.assertEqual(
      'Upgrade',
      j['Incoming Headers']['connection']
@@ -3457,10 +3454,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      j = result.json()
    except Exception:
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    parsed = urllib.parse.urlparse(self.backend_url)
+    self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
-    self.assertBackendHeaders(
-      j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
-      ignore_header_list=['Host'])
    self.assertFalse('x-real-ip' in j['Incoming Headers'])
    result = fakeHTTPSResult(
@@ -3478,9 +3472,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      j = result.json()
    except Exception:
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertBackendHeaders(
+    self.assertRequestHeaders(
-      j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
+      j['Incoming Headers'], port='17', proto='irc')
-      ignore_header_list=['Host'])
    self.assertEqual(
      'Upgrade',
      j['Incoming Headers']['connection']
@@ -3502,9 +3495,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      j = result.json()
    except Exception:
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertBackendHeaders(
+    self.assertRequestHeaders(
-      j['Incoming Headers'], parsed.hostname, port='17', proto='irc',
+      j['Incoming Headers'], port='17', proto='irc')
-      ignore_header_list=['Host'])
    self.assertEqual(
      'Upgrade',
      j['Incoming Headers']['connection']
@@ -3532,6 +3524,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      result.headers['Location']
    )
+    self.assertResponseHeaders(
+      result, via=False, backend_reached=False)
    result = fakeHTTPResult(
      parameter_dict['domain'],
      'test-path/deep/.././deeper')
@@ -3546,6 +3541,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      result.headers['Location']
    )
+    self.assertResponseHeaders(
+      result, via=False, backend_reached=False)
  def test_type_redirect_custom_domain(self):
    parameter_dict = self.assertSlaveBase(
      'type-redirect-custom_domain', hostname='customdomaintyperedirect')
@@ -3568,6 +3566,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      result.headers['Location']
    )
+    self.assertResponseHeaders(
+      result, via=False, backend_reached=False)
  def test_ssl_proxy_verify_ssl_proxy_ca_crt_unverified(self):
    parameter_dict = self.assertSlaveBase(
      'ssl-proxy-verify_ssl_proxy_ca_crt-unverified')
@@ -3614,7 +3615,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      j = result.json()
    except Exception:
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertBackendHeaders(j['Incoming Headers'], parameter_dict['domain'])
+    self.assertRequestHeaders(j['Incoming Headers'], parameter_dict['domain'])
    self.assertFalse('Content-Encoding' in result.headers)
@@ -3728,7 +3729,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    )
  def test_ciphers(self):
-    parameter_dict = self.assertSlaveBase('ciphers')
+    parameter_dict = self.assertSlaveBase(
+     'ciphers', expected_parameter_dict={
+       'warning-list': [
+         "Cipher 'RSA-3DES-EDE-CBC-SHA' translated to 'DES-CBC3-SHA'",
+         "Cipher 'RSA-AES128-CBC-SHA' translated to 'AES128-SHA'"]})
    result = fakeHTTPSResult(
      parameter_dict['domain'], 'test-path')
@@ -3754,12 +3759,73 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    configuration_file = glob.glob(
      os.path.join(
-        self.instance_path, '*', 'etc', 'caddy-slave-conf.d', '_ciphers.conf'
+        self.instance_path, '*', 'etc', 'frontend-haproxy-crt-list.txt'
      ))[0]
    with open(configuration_file) as fh:
-      self.assertIn(
+      self.assertTrue(
-        'ciphers RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA',
+        '/_ciphers.pem [ciphers DES-CBC3-SHA:AES128-SHA '
-        fh.read())
+        in fh.read()
+      )
+  def test_ciphers_translation_all(self):
+    parameter_dict = self.assertSlaveBase(
+     'ciphers-translation-all', expected_parameter_dict={
+       'warning-list': [
+         "Cipher 'ECDHE-ECDSA-AES128-CBC-SHA' translated to "
+         "'ECDHE-ECDSA-AES128-SHA'",
+         "Cipher 'ECDHE-ECDSA-AES256-CBC-SHA' translated to "
+         "'ECDHE-ECDSA-AES256-SHA'",
+         "Cipher 'ECDHE-ECDSA-WITH-CHACHA20-POLY1305' translated to "
+         "'ECDHE-ECDSA-CHACHA20-POLY1305'",
+         "Cipher 'ECDHE-RSA-3DES-EDE-CBC-SHA' translated to "
+         "'ECDHE-RSA-DES-CBC3-SHA'",
+         "Cipher 'ECDHE-RSA-AES128-CBC-SHA' translated to "
+         "'ECDHE-RSA-AES128-SHA'",
+         "Cipher 'ECDHE-RSA-AES256-CBC-SHA' translated to "
+         "'ECDHE-RSA-AES256-SHA'",
+         "Cipher 'ECDHE-RSA-WITH-CHACHA20-POLY1305' translated to "
+         "'ECDHE-RSA-CHACHA20-POLY1305'",
+         "Cipher 'RSA-3DES-EDE-CBC-SHA' translated to 'DES-CBC3-SHA'",
+         "Cipher 'RSA-AES128-CBC-SHA' translated to 'AES128-SHA'",
+         "Cipher 'RSA-AES256-CBC-SHA' translated to 'AES256-SHA'"]})
+    result = fakeHTTPSResult(
+      parameter_dict['domain'], 'test-path')
+    self.assertEqual(
+      self.certificate_pem,
+      der2pem(result.peercert))
+    self.assertEqual(http.client.SERVICE_UNAVAILABLE, result.status_code)
+    result_http = fakeHTTPResult(
+      parameter_dict['domain'], 'test-path')
+    self.assertEqual(
+      http.client.FOUND,
+      result_http.status_code
+    )
+    self.assertEqual(
+      'https://cipherstranslationall.example.com:%s/test-path' % (HTTP_PORT,),
+      result_http.headers['Location']
+    )
+    configuration_file = glob.glob(
+      os.path.join(
+        self.instance_path, '*', 'etc', 'frontend-haproxy-crt-list.txt'
+      ))[0]
+    with open(configuration_file) as fh:
+      self.assertTrue(
+        '/_ciphers.translation.all.pem [ciphers '
+        'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:'
+        'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:'
+        'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:'
+        'ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:'
+        'ECDHE-ECDSA-AES128-SHA:AES256-SHA:AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:'
+        'DES-CBC3-SHA'
+        in fh.read()
+      )
  def test_enable_cache_custom_domain(self):
    parameter_dict = self.assertSlaveBase(
@@ -3788,7 +3854,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    )
    backend_headers = result.json()['Incoming Headers']
-    self.assertBackendHeaders(
+    self.assertRequestHeaders(
      backend_headers, parameter_dict['domain'], cached=True)
  def test_enable_cache_server_alias(self):
@@ -3816,7 +3882,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    )
    backend_headers = result.json()['Incoming Headers']
-    self.assertBackendHeaders(
+    self.assertRequestHeaders(
      backend_headers, parameter_dict['domain'], cached=True)
    result = fakeHTTPResult(
@@ -3899,7 +3965,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    )
    backend_headers = result.json()['Incoming Headers']
-    self.assertBackendHeaders(
+    self.assertRequestHeaders(
      backend_headers, parameter_dict['domain'], cached=True)
    # BEGIN: Check that squid.log is correctly filled in
@@ -4038,7 +4104,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    )
    backend_headers = result.json()['Incoming Headers']
-    self.assertBackendHeaders(
+    self.assertRequestHeaders(
      backend_headers, parameter_dict['domain'], cached=True)
    # check stale-if-error support is really respected if not present in the
@@ -4168,7 +4234,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    )
    backend_headers = result.json()['Incoming Headers']
-    self.assertBackendHeaders(
+    self.assertRequestHeaders(
      backend_headers, parameter_dict['domain'], cached=True)
    try:
@@ -4202,7 +4268,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    )
    backend_headers = result.json()['Incoming Headers']
-    self.assertBackendHeaders(
+    self.assertRequestHeaders(
      backend_headers, parameter_dict['domain'], cached=True)
  def test_enable_http2_false(self):
@@ -4223,6 +4289,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      {
        'Content-Type': 'application/json',
        'Set-Cookie': 'secured=value;secure, nonsecured=value',
+        'Connection': 'keep-alive',
      },
      headers
    )
@@ -4247,6 +4314,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      {
        'Content-type': 'application/json',
        'Set-Cookie': 'secured=value;secure, nonsecured=value',
+        'Connection': 'keep-alive',
      },
      headers
    )
@@ -4269,7 +4337,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
-    self.assertBackendHeaders(
+    self.assertRequestHeaders(
      result.json()['Incoming Headers'], parameter_dict['domain'])
    self.assertEqual(
      'gzip', result.json()['Incoming Headers']['accept-encoding'])
@@ -4281,7 +4349,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
-    self.assertBackendHeaders(
+    self.assertRequestHeaders(
      result.json()['Incoming Headers'], parameter_dict['domain'])
    self.assertEqual(
      'deflate', result.json()['Incoming Headers']['accept-encoding'])
@@ -4309,7 +4377,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
-    self.assertBackendHeaders(
+    self.assertRequestHeaders(
      result.json()['Incoming Headers'], parameter_dict['domain'],
      port=HTTP_PORT, proto='http')
    self.assertEqual(
@@ -4322,7 +4390,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
-    self.assertBackendHeaders(
+    self.assertRequestHeaders(
      result.json()['Incoming Headers'], parameter_dict['domain'],
      port=HTTP_PORT, proto='http')
    self.assertEqual(
@@ -4355,7 +4423,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
-    self.assertBackendHeaders(
+    self.assertRequestHeaders(
      result.json()['Incoming Headers'], parameter_dict['domain'])
    self.assertEqual(
      'gzip', result.json()['Incoming Headers']['accept-encoding'])
@@ -4367,7 +4435,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
    self.assertEqualResultJson(result, 'Path', '/test-path/deeper')
-    self.assertBackendHeaders(
+    self.assertRequestHeaders(
      result.json()['Incoming Headers'], parameter_dict['domain'])
    self.assertEqual(
      'deflate', result.json()['Incoming Headers']['accept-encoding'])
@@ -4446,16 +4514,18 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      result.headers['Location']
    )
-  def _curl(self, domain, ip, port, cookie):
+  def _curl(self, domain, ip, port, cookie=None):
    replacement_dict = dict(
-      domain=domain, ip=TEST_IP, port=HTTPS_PORT)
+      domain=domain, ip=ip, port=port)
    curl_command = [
        'curl', '-v', '-k',
        '-H', 'Host: %(domain)s' % replacement_dict,
        '--resolve', '%(domain)s:%(port)s:%(ip)s' % replacement_dict,
-        '--cookie', cookie,
-        'https://%(domain)s:%(port)s/' % replacement_dict,
    ]
+    if cookie is not None:
+      curl_command.extend(['--cookie', cookie])
+    curl_command.extend([
+      'https://%(domain)s:%(port)s/' % replacement_dict])
    prc = subprocess.Popen(
      curl_command, stdout=subprocess.PIPE, stderr=subprocess.PIPE
    )
@@ -4466,37 +4536,38 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
        curl_command, out, err))
    return out, err
-  @expectedFailure
  def test_disabled_cookie_list(self):
    parameter_dict = self.assertSlaveBase('disabled-cookie-list')
    out, err = self._curl(
      parameter_dict['domain'], TEST_IP, HTTPS_PORT,
      # Note: Cookie order is extremely important here, do not change
      # or test will start to pass incorrectly
-      'Coconut=absent; Chocolate=absent; Coffee=present; Vanilia=absent',
+      'Tea=present; Coconut=absent; DarkChocolate=present; Chocolate=absent; '
+      'Coffee=present; Vanilia=absent; Water=present',
    )
    # self check - were the cookies sent in required order?
    self.assertIn(
-      'ookie: Coconut=absent; Chocolate=absent; Coffee=present; '
+      'ookie: Tea=present; Coconut=absent; DarkChocolate=present; '
-      'Vanilia=absent',
+      'Chocolate=absent; Coffee=present; Vanilia=absent; Water=present',
      err.decode())
    # real test - all configured cookies are dropped
    self.assertEqual(
-      'Coffee=present', json.loads(out)['Incoming Headers']['cookie'])
+      'Tea=present; DarkChocolate=present; Coffee=present; Water=present',
+      json.loads(out)['Incoming Headers']['cookie'])
  def test_disabled_cookie_list_simple(self):
-    parameter_dict = self.assertSlaveBase('disabled-cookie-list')
+    parameter_dict = self.assertSlaveBase('disabled-cookie-list-simple')
    out, err = self._curl(
      parameter_dict['domain'], TEST_IP, HTTPS_PORT,
-      'WhiteChocolate=present; Chocolate=absent; Coffee=present',
+      'Chocolate=absent; Coffee=present',
    )
    # self check - were the cookies sent in required order?
    self.assertIn(
-      'ookie: WhiteChocolate=present; Chocolate=absent; Coffee=present',
+      'ookie: Chocolate=absent; Coffee=present',
      err.decode())
    # real test - all configured cookies are dropped
    self.assertEqual(
-      'WhiteChocolate=present ; Coffee=present',
+      'Coffee=present',
      json.loads(out)['Incoming Headers']['cookie'])
  def test_https_url(self):
@@ -4515,7 +4586,7 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      result.headers['Strict-Transport-Security'])
    self.assertEqualResultJson(result, 'Path', '/https/test-path/deeper')
-    self.assertBackendHeaders(
+    self.assertRequestHeaders(
      result.json()['Incoming Headers'],
      parameter_dict['domain'])
@@ -4545,6 +4616,30 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
  timeout connect 10s
  retries 5""" in content)
+  def test_header_date(self):
+    # Precisely check out Date header behaviour
+    frontend = 'url_https-url'
+    parameter_dict = self.assertSlaveBase(frontend)
+    backend_url = self.getSlaveParameterDictDict()[
+      frontend]['https-url'].strip()
+    normal_path = 'normal'
+    with_date_path = 'with_date'
+    specific_date = 'Fri, 07 Dec 2001 00:00:00 GMT'
+    result_configure = requests.put(
+      backend_url + '/' + with_date_path, headers={
+        'X-Reply-Header-Date': specific_date
+      })
+    self.assertEqual(result_configure.status_code, http.client.CREATED)
+    result_normal = fakeHTTPSResult(parameter_dict['domain'], normal_path)
+    result_with_date = fakeHTTPSResult(
+      parameter_dict['domain'], with_date_path)
+    # Prove that Date header with value specific_date send by backend is NOT
+    # modified by the CDN, but some Date header is added, if backend sends non
+    self.assertEqual(result_with_date.headers['Date'], specific_date)
+    self.assertNotEqual(result_normal.headers['Date'], specific_date)
  def test_https_url_netloc_list(self):
    parameter_dict = self.assertSlaveBase('https-url-netloc-list')
    result = fakeHTTPSResult(parameter_dict['domain'], 'path')
@@ -4651,17 +4746,21 @@ class TestReplicateSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      parameter_dict['domain'], 'test-path')
    self.assertEqual(http.client.FOUND, result_http.status_code)
-    # prove 2nd frontend by inspection of the instance
+    # prove replication by asserting that slave ended up in both nodes
-    slave_configuration_name = '_replicate.conf'
+    frontend_haproxy_cfg_list = glob.glob(
-    slave_configuration_file_list = [
+      os.path.join(self.instance_path, '*', 'etc', 'frontend-haproxy.cfg'))
-      '/'.join([f[0], slave_configuration_name]) for f in [
+    self.assertEqual(2, len(frontend_haproxy_cfg_list))
-        q for q in os.walk(self.instance_path)
+    for frontend_haproxy_cfg in frontend_haproxy_cfg_list:
-        if slave_configuration_name in q[2]
+      with open(frontend_haproxy_cfg) as fh:
-      ]
+        self.assertIn('backend _replicate-http', fh.read())
-    ]
    self.assertEqual(
-      2, len(slave_configuration_file_list), slave_configuration_file_list)
+      2,
+      len(
+        glob.glob(
+          os.path.join(
+            self.instance_path, '*', 'etc', 'frontend-haproxy.d',
+            '._replicate.htpasswd')))
+    )
 class TestReplicateSlaveOtherDestroyed(SlaveHttpFrontendTestCase):
@@ -4947,7 +5046,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster(
      'plain_http_port': HTTP_PORT,
      'kedifa_port': KEDIFA_PORT,
      'caucase_port': CAUCASE_PORT,
-      'mpm-graceful-shutdown-timeout': 2,
    }
  @classmethod
@@ -5106,7 +5204,6 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
      'plain_http_port': HTTP_PORT,
      'kedifa_port': KEDIFA_PORT,
      'caucase_port': CAUCASE_PORT,
-      'mpm-graceful-shutdown-timeout': 2,
    }
  @classmethod
@@ -5665,7 +5762,6 @@ class TestSlaveSlapOSMasterCertificateCompatibilityUpdate(
    'plain_http_port': HTTP_PORT,
    'kedifa_port': KEDIFA_PORT,
    'caucase_port': CAUCASE_PORT,
-    'mpm-graceful-shutdown-timeout': 2,
  }
  @classmethod
@@ -5761,7 +5857,6 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
      'plain_http_port': HTTP_PORT,
      'kedifa_port': KEDIFA_PORT,
      'caucase_port': CAUCASE_PORT,
-      'mpm-graceful-shutdown-timeout': 2,
      'ciphers': 'ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384'
    }
@@ -5821,12 +5916,12 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
    configuration_file = glob.glob(
      os.path.join(
-        self.instance_path, '*', 'etc', 'caddy-slave-conf.d',
+        self.instance_path, '*', 'etc', 'frontend-haproxy-crt-list.txt'
-        '_default_ciphers.conf'
      ))[0]
    with open(configuration_file) as fh:
      self.assertIn(
-        'ciphers ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384',
+        '_default_ciphers.pem [ciphers '
+        'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384 ',
        fh.read())
  def test_own_ciphers(self):
@@ -5847,12 +5942,12 @@ class TestSlaveCiphers(SlaveHttpFrontendTestCase, TestDataMixin):
    configuration_file = glob.glob(
      os.path.join(
-        self.instance_path, '*', 'etc', 'caddy-slave-conf.d',
+        self.instance_path, '*', 'etc', 'frontend-haproxy-crt-list.txt'
-        '_own_ciphers.conf'
      ))[0]
    with open(configuration_file) as fh:
      self.assertIn(
-        'ciphers ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256',
+        '_own_ciphers.pem [ciphers '
+        'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 ',
        fh.read())
@@ -6470,7 +6565,6 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
      'plain_http_port': HTTP_PORT,
      'kedifa_port': KEDIFA_PORT,
      'caucase_port': CAUCASE_PORT,
-      'mpm-graceful-shutdown-timeout': 2,
      'request-timeout': '12',
    }
@@ -6573,7 +6667,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
      'apache-key': self.key_pem,
      'domain': 'example.com',
      'enable-http2-by-default': True,
-      'mpm-graceful-shutdown-timeout': 2,
      're6st-verification-url': 're6st-verification-url',
      'backend-connect-timeout': 2,
      'backend-connect-retries': 1,
@@ -6665,12 +6758,13 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
        'domain': 'example.com',
        'enable-http2-by-default': 'True',
        'extra_slave_instance_list': '[]',
+        'frontend-haproxy-flavour': 'basic',
+        'frontend-haproxy-quic': 'False',
        'frontend-name': 'caddy-frontend-1',
        'kedifa-caucase-url': kedifa_caucase_url,
        'monitor-cors-domains': 'monitor.app.officejs.com',
        'monitor-httpd-port': 8411,
        'monitor-username': 'admin',
-        'mpm-graceful-shutdown-timeout': '2',
        'plain_http_port': '11080',
        'port': '11443',
        'ram-cache-size': '512K',
@@ -6691,12 +6785,13 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
        'domain': 'example.com',
        'enable-http2-by-default': 'True',
        'extra_slave_instance_list': '[]',
+        'frontend-haproxy-flavour': 'basic',
+        'frontend-haproxy-quic': 'False',
        'frontend-name': 'caddy-frontend-2',
        'kedifa-caucase-url': kedifa_caucase_url,
        'monitor-cors-domains': 'monitor.app.officejs.com',
        'monitor-httpd-port': 8412,
        'monitor-username': 'admin',
-        'mpm-graceful-shutdown-timeout': '2',
        'plain_http_port': '11080',
        'port': '11443',
        'ram-cache-size': '256K',
@@ -6717,12 +6812,13 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
        'domain': 'example.com',
        'enable-http2-by-default': 'True',
        'extra_slave_instance_list': '[]',
+        'frontend-haproxy-flavour': 'basic',
+        'frontend-haproxy-quic': 'False',
        'frontend-name': 'caddy-frontend-3',
        'kedifa-caucase-url': kedifa_caucase_url,
        'monitor-cors-domains': 'monitor.app.officejs.com',
        'monitor-httpd-port': 8413,
        'monitor-username': 'admin',
-        'mpm-graceful-shutdown-timeout': '2',
        'plain_http_port': '11080',
        'port': '11443',
        're6st-verification-url': 're6st-verification-url',
@@ -6765,7 +6861,6 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
        'full_address_list': [],
        'instance_title': 'testing partition 0',
        'kedifa_port': '15080',
-        'mpm-graceful-shutdown-timeout': '2',
        'plain_http_port': '11080',
        'port': '11443',
        're6st-verification-url': 're6st-verification-url',
@@ -6793,7 +6888,6 @@ class TestSlaveHealthCheck(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
      'plain_http_port': HTTP_PORT,
      'kedifa_port': KEDIFA_PORT,
      'caucase_port': CAUCASE_PORT,
-      'mpm-graceful-shutdown-timeout': 2,
      'request-timeout': '12',
    }
@@ -6930,7 +7024,7 @@ backend _health-check-custom-http
  retries 3
  server _health-check-custom-backend-http %s   check inter 15s"""
      """ rise 3 fall 7
-  option httpchk POST /POST-path%%20to%%20be%%20encoded HTTP/1.0
+  option httpchk POST /POST-path%%%%20to%%%%20be%%%%20encoded HTTP/1.0
  timeout check 7s""" % (backend,),
      'health-check-default': """\
 backend _health-check-default-http

--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00cluster_request_instance_parameter_dict.txt
@@ -104,6 +104,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00file_list_log.txt
@@ -7,17 +7,12 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
+T-2/var/log/frontend-haproxy.log
-T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_dummy-cached_access_log
 T-2/var/log/httpd/_dummy-cached_backend_log
-T-2/var/log/httpd/_dummy-cached_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
-T-2/var/log/httpd/_enable-http2-default_error_log
 T-2/var/log/httpd/_enable-http2-false_access_log
-T-2/var/log/httpd/_enable-http2-false_error_log
 T-2/var/log/httpd/_enable-http2-true_access_log
-T-2/var/log/httpd/_enable-http2-true_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00file_list_run.txt
@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00supervisor_state.txt
@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test_file_list_plugin.txt
@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlaveGlobalDisableHttp2.test_file_list_plugin.txt
@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00cluster_request_instance_parameter_dict.txt
@@ -106,6 +106,8 @@
      "domain": "example.com",
      "enable-http2-by-default": "false",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00file_list_log.txt
@@ -7,17 +7,12 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
+T-2/var/log/frontend-haproxy.log
-T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_dummy-cached_access_log
 T-2/var/log/httpd/_dummy-cached_backend_log
-T-2/var/log/httpd/_dummy-cached_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
-T-2/var/log/httpd/_enable-http2-default_error_log
 T-2/var/log/httpd/_enable-http2-false_access_log
-T-2/var/log/httpd/_enable-http2-false_error_log
 T-2/var/log/httpd/_enable-http2-true_access_log
-T-2/var/log/httpd/_enable-http2-true_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00file_list_run.txt
@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00supervisor_state.txt
@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test_file_list_plugin.txt
@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestEnableHttp2ByDefaultFalseSlaveGlobalDisableHttp2.test_file_list_plugin.txt
@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00cluster_request_instance_parameter_dict.txt
@@ -62,6 +62,8 @@
      "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
      "cluster-identification": "testing partition 0",
      "extra_slave_instance_list": "[]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00file_list_log.txt
@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
+T-2/var/log/frontend-haproxy.log
-T-2/var/log/frontend-error.log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

--- a/software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00file_list_run.txt
@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

--- a/software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00supervisor_state.txt
@@ -15,8 +15,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -25,8 +23,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

--- a/software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test_file_list_plugin.txt
@@ -30,14 +30,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestMasterRequest.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterRequest.test00cluster_request_instance_parameter_dict.txt
@@ -60,6 +60,8 @@
      "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
      "cluster-identification": "testing partition 0",
      "extra_slave_instance_list": "[]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/caddy-frontend/test/test_data/test.TestMasterRequest.test00file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterRequest.test00file_list_log.txt
@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
+T-2/var/log/frontend-haproxy.log
-T-2/var/log/frontend-error.log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

--- a/software/caddy-frontend/test/test_data/test.TestMasterRequest.test00file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterRequest.test00file_list_run.txt
@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

--- a/software/caddy-frontend/test/test_data/test.TestMasterRequest.test00supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterRequest.test00supervisor_state.txt
@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

--- a/software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterRequest.test_file_list_plugin.txt
@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test00cluster_request_instance_parameter_dict.txt
@@ -62,6 +62,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test00file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test00file_list_log.txt
@@ -7,8 +7,7 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
+T-2/var/log/frontend-haproxy.log
-T-2/var/log/frontend-error.log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

--- a/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test00file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test00file_list_run.txt
@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

--- a/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test00supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test00supervisor_state.txt
@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

--- a/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestMasterRequestDomain.test_file_list_plugin.txt
@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00cluster_request_instance_parameter_dict.txt
@@ -76,6 +76,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00file_list_log.txt
@@ -7,10 +7,7 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
+T-2/var/log/frontend-haproxy.log
-T-2/var/log/frontend-error.log
-T-2/var/log/httpd/_default_access_log
-T-2/var/log/httpd/_default_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

--- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00file_list_run.txt
@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

--- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00supervisor_state.txt
@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

--- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test_file_list_plugin.txt
@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test00cluster_request_instance_parameter_dict.txt
@@ -76,6 +76,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test00file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test00file_list_log.txt
@@ -7,11 +7,9 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
+T-2/var/log/frontend-haproxy.log
-T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_default_access_log
 T-2/var/log/httpd/_default_backend_log
-T-2/var/log/httpd/_default_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

--- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test00file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test00file_list_run.txt
@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

--- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test00supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test00supervisor_state.txt
@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

--- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestRe6stVerificationUrlSlave.test_file_list_plugin.txt
@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test00cluster_request_instance_parameter_dict.txt
@@ -80,6 +80,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
@@ -117,6 +119,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-2",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test00file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test00file_list_log.txt
@@ -7,11 +7,9 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
+T-2/var/log/frontend-haproxy.log
-T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_replicate_access_log
 T-2/var/log/httpd/_replicate_backend_log
-T-2/var/log/httpd/_replicate_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log
@@ -19,10 +17,7 @@ T-2/var/log/slave-introspection-error.log
 T-2/var/log/trafficserver/manager.log
 T-3/var/log/backend-haproxy.log
 T-3/var/log/expose-csr.log
-T-3/var/log/frontend-access.log
+T-3/var/log/frontend-haproxy.log
-T-3/var/log/frontend-error.log
-T-3/var/log/httpd/_replicate_access_log
-T-3/var/log/httpd/_replicate_error_log
 T-3/var/log/monitor-httpd-access.log
 T-3/var/log/monitor-httpd-error.log
 T-3/var/log/slave-introspection-access.log

--- a/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test00file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test00file_list_run.txt
@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid
@@ -16,5 +18,6 @@ T-3/var/run/backend-haproxy.pid
 T-3/var/run/backend_haproxy_configuration_last_state
 T-3/var/run/backend_haproxy_graceful_configuration_state_signature
 T-3/var/run/graceful_configuration_state_signature
+T-3/var/run/httpd.pid
 T-3/var/run/slave_introspection_configuration_last_state
 T-3/var/run/slave_introspection_graceful_configuration_state_signature
--- a/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test00supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test00supervisor_state.txt
@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING
@@ -37,8 +36,6 @@ T-2:slave-instrospection-nginx-{hash-generic}-on-watch RUNNING
 T-2:slave-introspection-safe-graceful EXITED
 T-2:trafficserver-{hash-generic}-on-watch RUNNING
 T-2:trafficserver-reload EXITED
-T-3:6tunnel-11080-{hash-generic}-on-watch STOPPED
-T-3:6tunnel-11443-{hash-generic}-on-watch STOPPED
 T-3:backend-client-login-certificate-caucase-updater-on-watch STOPPED
 T-3:backend-haproxy-{hash-generic}-on-watch STOPPED
 T-3:backend-haproxy-rsyslogd-{hash-generic}-on-watch STOPPED
@@ -47,8 +44,9 @@ T-3:bootstrap-monitor EXITED
 T-3:certificate_authority-{hash-generic}-on-watch STOPPED
 T-3:crond-{hash-generic}-on-watch STOPPED
 T-3:expose-csr-{hash-generic}-on-watch STOPPED
-T-3:frontend-caddy-safe-graceful EXITED
+T-3:frontend-haproxy-{hash-generic}-on-watch STOPPED
-T-3:frontend_caddy-{hash-caddy-T-3}-on-watch STOPPED
+T-3:frontend-haproxy-rsyslogd-{hash-generic}-on-watch STOPPED
+T-3:frontend-haproxy-safe-graceful EXITED
 T-3:kedifa-login-certificate-caucase-updater-on-watch STOPPED
 T-3:kedifa-updater-{hash-generic}-on-watch STOPPED
 T-3:monitor-httpd-{hash-generic}-on-watch STOPPED

--- a/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestReplicateSlave.test_file_list_plugin.txt
@@ -35,14 +35,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py
@@ -60,14 +60,14 @@ T-3/etc/plugin/backend-haproxy-statistic-frontend.py
 T-3/etc/plugin/backend_haproxy_http.py
 T-3/etc/plugin/backend_haproxy_https.py
 T-3/etc/plugin/buildout-T-3-status.py
-T-3/etc/plugin/caddy_frontend_ipv4_http.py
-T-3/etc/plugin/caddy_frontend_ipv4_https.py
-T-3/etc/plugin/caddy_frontend_ipv6_http.py
-T-3/etc/plugin/caddy_frontend_ipv6_https.py
 T-3/etc/plugin/caucase-updater.py
 T-3/etc/plugin/check-free-disk-space.py
 T-3/etc/plugin/expose-csr-ip-port-listening.py
-T-3/etc/plugin/frontend-caddy-configuration-promise.py
+T-3/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-3/etc/plugin/frontend_haproxy_ipv4_http.py
+T-3/etc/plugin/frontend_haproxy_ipv4_https.py
+T-3/etc/plugin/frontend_haproxy_ipv6_http.py
+T-3/etc/plugin/frontend_haproxy_ipv6_https.py
 T-3/etc/plugin/monitor-bootstrap-status.py
 T-3/etc/plugin/monitor-http-frontend.py
 T-3/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestSlave.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlave.test00cluster_request_instance_parameter_dict.txt
@@ -15,7 +15,6 @@
      ]
    ],
    "kedifa_port": "15080",
-    "mpm-graceful-shutdown-timeout": "2",
    "plain_http_port": "11080",
    "port": "11443",
    "request-timeout": "12",
@@ -435,6 +434,12 @@
        "slap_software_type": "RootSoftwareInstance",
        "slave_reference": "_ciphers",
        "slave_title": "_ciphers"
+      },
+      {
+        "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-AES256-CBC-SHA ECDHE-RSA-AES128-CBC-SHA ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA RSA-AES256-CBC-SHA RSA-AES128-CBC-SHA ECDHE-RSA-3DES-EDE-CBC-SHA RSA-3DES-EDE-CBC-SHA",
+        "slap_software_type": "RootSoftwareInstance",
+        "slave_reference": "_ciphers-translation-all",
+        "slave_title": "_ciphers-translation-all"
      }
    ],
    "timestamp": "@@TIMESTAMP@@"
@@ -476,6 +481,10 @@
          "ciphers": "RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA",
          "slave_reference": "_ciphers"
        },
+        {
+          "ciphers": "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-AES256-CBC-SHA ECDHE-RSA-AES128-CBC-SHA ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA RSA-AES256-CBC-SHA RSA-AES128-CBC-SHA ECDHE-RSA-3DES-EDE-CBC-SHA RSA-3DES-EDE-CBC-SHA",
+          "slave_reference": "_ciphers-translation-all"
+        },
        {
          "custom_domain": "mycustomdomain.example.com",
          "slave_reference": "_custom_domain",
@@ -777,7 +786,9 @@
      "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
-      "extra_slave_instance_list": "[{\"authenticate-to-backend\": true, \"slave_reference\": \"_Url\", \"url\": \" http://@@_ipv4_address@@:@@_server_http_port@@//?a=b&c= \"}, {\"authenticate-to-backend\": true, \"slave_reference\": \"_auth-to-backend\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/\"}, {\"authenticate-to-backend\": true, \"slave_reference\": \"_auth-to-backend-backend-ignore\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_auth-to-backend-not-configured\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/\"}, {\"slave_reference\": \"_bad-backend\", \"url\": \"http://bad.backend/\"}, {\"ciphers\": \"RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA\", \"slave_reference\": \"_ciphers\"}, {\"custom_domain\": \"mycustomdomain.example.com\", \"slave_reference\": \"_custom_domain\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"mycustomdomainserveralias.example.com\", \"server-alias\": \"mycustomdomainserveralias1.example.com\", \"slave_reference\": \"_custom_domain_server_alias\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkey.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkeysslcacrt.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"*.customdomain.example.com\", \"slave_reference\": \"_custom_domain_wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disabled-cookie-list\": \"Coconut Chocolate Vanilia\", \"slave_reference\": \"_disabled-cookie-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disabled-cookie-list\": \"Chocolate\", \"slave_reference\": \"_disabled-cookie-list-simple\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_empty\"}, {\"slave_reference\": \"_enable-http2-default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable-http2\": false, \"slave_reference\": \"_enable-http2-false\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"slave_reference\": \"_enable_cache\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disable-no-cache-request\": true, \"enable_cache\": true, \"slave_reference\": \"_enable_cache-disable-no-cache-request\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disable-via-header\": true, \"enable_cache\": true, \"slave_reference\": \"_enable_cache-disable-via-header\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"https-only\": false, \"slave_reference\": \"_enable_cache-https-only-false\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainenablecache.example.com\", \"enable_cache\": true, \"slave_reference\": \"_enable_cache_custom_domain\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"server-alias\": \"enablecacheserveralias1.example.com\", \"slave_reference\": \"_enable_cache_server_alias\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": false, \"slave_reference\": \"_https-only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https\", \"https-url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\", \"slave_reference\": \"_https-url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/http\"}, {\"monitor-ipv4-test\": \"monitor-ipv4-test\", \"slave_reference\": \"_monitor-ipv4-test\"}, {\"monitor-ipv6-test\": \"monitor-ipv6-test\", \"slave_reference\": \"_monitor-ipv6-test\"}, {\"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_prefer-gzip-encoding-to-backend\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_prefer-gzip-encoding-to-backend-https-only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"alias1.example.com alias2.example.com\", \"slave_reference\": \"_server-alias\", \"strict-transport-security\": \"200\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"alias3.example.com\", \"slave_reference\": \"_server-alias-duplicated\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"\", \"slave_reference\": \"_server-alias-empty\", \"strict-transport-security\": \"200\", \"strict-transport-security-sub-domains\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"*.alias1.example.com\", \"slave_reference\": \"_server-alias-wildcard\", \"strict-transport-security\": \"200\", \"strict-transport-security-preload\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"alias4.example.com\", \"server-alias\": \"\", \"slave_reference\": \"_server-alias_custom_domain-duplicated\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify-unverified\", \"ssl-proxy-verify\": true, \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify_ssl_proxy_ca_crt\", \"ssl-proxy-verify\": true, \"ssl_proxy_ca_crt\": \"@@test_server_ca.certificate_pem_double@@\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify_ssl_proxy_ca_crt-unverified\", \"ssl-proxy-verify\": true, \"ssl_proxy_ca_crt\": \"@@another_server_ca.certificate_pem_double@@\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_does_not_match\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_garbage\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": false, \"https-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"slave_reference\": \"_type-redirect\", \"type\": \"redirect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomaintyperedirect.example.com\", \"slave_reference\": \"_type-redirect-custom_domain\", \"type\": \"redirect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-websocket\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-websocket-websocket-path-list\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-path-list\": \"////ws//// /with%20space/\"}, {\"slave_reference\": \"_type-websocket-websocket-path-list-websocket-transparent-false\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-path-list\": \"////ws//// /with%20space/\", \"websocket-transparent\": \"false\"}, {\"slave_reference\": \"_type-websocket-websocket-transparent-false\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-transparent\": \"false\"}, {\"slave_reference\": \"_type-zope\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"default-path\": \"///default-path/to/some/resource///\", \"slave_reference\": \"_type-zope-default-path\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"path\": \"///path/to/some/resource///\", \"slave_reference\": \"_type-zope-path\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_type-zope-prefer-gzip-encoding-to-backend\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_type-zope-prefer-gzip-encoding-to-backend-https-only\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"slave_reference\": \"_type-zope-virtualhostroot-http-port\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"virtualhostroot-http-port\": \"12345\"}, {\"slave_reference\": \"_type-zope-virtualhostroot-https-port\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"virtualhostroot-https-port\": \"12345\"}, {\"slave_reference\": \"_url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\"}, {\"backend-connect-retries\": 5, \"backend-connect-timeout\": 10, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https\", \"request-timeout\": 15, \"slave_reference\": \"_url_https-url\", \"strict-transport-security\": \"200\", \"strict-transport-security-preload\": true, \"strict-transport-security-sub-domains\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/http\"}]",
+      "extra_slave_instance_list": "[{\"authenticate-to-backend\": true, \"slave_reference\": \"_Url\", \"url\": \" http://@@_ipv4_address@@:@@_server_http_port@@//?a=b&c= \"}, {\"authenticate-to-backend\": true, \"slave_reference\": \"_auth-to-backend\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/\"}, {\"authenticate-to-backend\": true, \"slave_reference\": \"_auth-to-backend-backend-ignore\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_auth-to-backend-not-configured\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/\"}, {\"slave_reference\": \"_bad-backend\", \"url\": \"http://bad.backend/\"}, {\"ciphers\": \"RSA-3DES-EDE-CBC-SHA RSA-AES128-CBC-SHA\", \"slave_reference\": \"_ciphers\"}, {\"ciphers\": \"ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-AES256-CBC-SHA ECDHE-RSA-AES128-CBC-SHA ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA RSA-AES256-CBC-SHA RSA-AES128-CBC-SHA ECDHE-RSA-3DES-EDE-CBC-SHA RSA-3DES-EDE-CBC-SHA\", \"slave_reference\": \"_ciphers-translation-all\"}, {\"custom_domain\": \"mycustomdomain.example.com\", \"slave_reference\": \"_custom_domain\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"mycustomdomainserveralias.example.com\", \"server-alias\": \"mycustomdomainserveralias1.example.com\", \"slave_reference\": \"_custom_domain_server_alias\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkey.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkeysslcacrt.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"*.customdomain.example.com\", \"slave_reference\": \"_custom_domain_wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disabled-cookie-list\": \"Coconut Chocolate Vanilia\", \"slave_reference\": \"_disabled-cookie-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disabled-cookie-list\": \"Chocolate\", \"slave_reference\": \"_disabled-cookie-list-simple\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_empty\"}, {\"slave_reference\": \"_enable-http2-default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable-http2\": false, \"slave_reference\": \"_enable-http2-false\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"slave_reference\": \"_enable_cache\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disable-no-cache-request\": true, \"enable_cache\": true, \"slave_reference\": \"_enable_cache-disable-no-cache-request\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"disable-via-header\": true, \"enable_cache\": true, \"slave_reference\": \"_enable_cache-disable-via-header\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"https-only\": false, \"slave_reference\": \"_enable_cache-https-only-false\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainenablecache.example.com\", \"enable_cache\": true, \"slave_reference\": \"_enable_cache_custom_domain\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"server-alias\": \"enablecacheserveralias1.example.com\", \"slave_reference\": \"_enable_cache_server_alias\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": false, \"slave_reference\": \"_https-only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https\", \"https-url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\", \"slave_reference\": \"_https-url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/http\"}, {\"monitor-ipv4-test\": \"monitor-ipv4-test\", \"slave_reference\": \"_monitor-ipv4-test\"}, {\"monitor-ipv6-test\": \"monitor-ipv6-test\", \"slave_reference\": \"_monitor-ipv6-test\"}, {\"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_prefer-gzip-encoding-to-backend\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_prefer-gzip-encoding-to-backend-https-only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"alias1.example.com alias2.example.com\", \"slave_reference\": \"_server-alias\", \"strict-transport-security\": \"200\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"alias3.example.com\", \"slave_reference\": \"_server-alias-duplicated\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"\", \"slave_reference\": \"_server-alias-empty\", \"strict-transport-security\": \"200\", \"strict-transport-security-sub-domains\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"server-alias\": \"*.alias1.example.com\", \"slave_reference\": \"_server-alias-wildcard\", \"strict-transport-security\": \"200\", \"strict-transport-security-preload\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"alias4.example.com\", \"server-alias\": \"\", \"slave_reference\": \"_server-alias_custom_domain-duplicated\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify-unverified\", \"ssl-proxy-verify\": true, \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify_ssl_proxy_ca_crt\", \"ssl-proxy-verify\": true, \"ssl_proxy_ca_crt\": \"@@test_server_ca.certificate_pem_double@@\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl-proxy-verify_ssl_proxy_ca_crt-unverified\", \"ssl-proxy-verify\": true, \"ssl_proxy_ca_crt\": \"@@another_server_ca.certificate_pem_double@@\", \"url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_does_not_match\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_garbage\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_only\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": false, \"https-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"slave_reference\": \"_type-redirect\", \"type\": \"redirect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomaintyperedirect.example.com\", \"slave_reference\": \"_type-redirect-custom_domain\", \"type\": \"redirect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-websocket\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-websocket-websocket-path-list\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-path-list\": \"////ws//// /with%20space/\"}, {\"slave_reference\": \"_type-websocket-websocket-path-list-websocket-transparent-false\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-path-list\": \"////ws//// /with%20space/\", \"websocket-transparent\": \"false\"}, {\"slave_reference\": \"_type-websocket-websocket-transparent-false\", \"type\": \"websocket\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"websocket-transparent\": \"false\"}, {\"slave_reference\": \"_type-zope\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"default-path\": \"///default-path/to/some/resource///\", \"slave_reference\": \"_type-zope-default-path\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"path\": \"///path/to/some/resource///\", \"slave_reference\": \"_type-zope-path\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_type-zope-prefer-gzip-encoding-to-backend\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"prefer-gzip-encoding-to-backend\": \"true\", \"slave_reference\": \"_type-zope-prefer-gzip-encoding-to-backend-https-only\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"https-only\": \"false\", \"slave_reference\": \"_type-zope-virtualhostroot-http-port\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"virtualhostroot-http-port\": \"12345\"}, {\"slave_reference\": \"_type-zope-virtualhostroot-https-port\", \"type\": \"zope\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"virtualhostroot-https-port\": \"12345\"}, {\"slave_reference\": \"_url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\", \"url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\"}, {\"backend-connect-retries\": 5, \"backend-connect-timeout\": 10, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https\", \"request-timeout\": 15, \"slave_reference\": \"_url_https-url\", \"strict-transport-security\": \"200\", \"strict-transport-security-preload\": true, \"strict-transport-security-sub-domains\": true, \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/http\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
@@ -785,11 +796,10 @@
      "monitor-httpd-port": 8411,
      "monitor-password": "@@monitor-password@@",
      "monitor-username": "admin",
-      "mpm-graceful-shutdown-timeout": "2",
      "plain_http_port": "11080",
      "port": "11443",
      "request-timeout": "12",
-      "slave-kedifa-information": "{\"_Url\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend-backend-ignore\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend-not-configured\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@?auth=\"}, \"_bad-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@?auth=\"}, \"_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@?auth=\"}, \"_custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@?auth=\"}, \"_custom_domain_server_alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@?auth=\"}, \"_custom_domain_wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@?auth=\"}, \"_disabled-cookie-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@?auth=\"}, \"_disabled-cookie-list-simple\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@?auth=\"}, \"_empty\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@?auth=\"}, \"_enable-http2-default\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@?auth=\"}, \"_enable-http2-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@?auth=\"}, \"_enable_cache\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@?auth=\"}, \"_enable_cache-disable-no-cache-request\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@?auth=\"}, \"_enable_cache-disable-via-header\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@?auth=\"}, \"_enable_cache-https-only-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@?auth=\"}, \"_enable_cache_custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@?auth=\"}, \"_enable_cache_server_alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@?auth=\"}, \"_https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@?auth=\"}, \"_https-url-netloc-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@?auth=\"}, \"_monitor-ipv4-test\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@?auth=\"}, \"_monitor-ipv6-test\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@?auth=\"}, \"_prefer-gzip-encoding-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@?auth=\"}, \"_prefer-gzip-encoding-to-backend-https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@?auth=\"}, \"_server-alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@?auth=\"}, \"_server-alias-duplicated\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@?auth=\"}, \"_server-alias-empty\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@?auth=\"}, \"_server-alias-wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@?auth=\"}, \"_server-alias_custom_domain-duplicated\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify-unverified\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify_ssl_proxy_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify_ssl_proxy_ca_crt-unverified\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_does_not_match\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_garbage\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@?auth=\"}, \"_type-notebook\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@?auth=\"}, \"_type-redirect\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@?auth=\"}, \"_type-redirect-custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@?auth=\"}, \"_type-websocket\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-path-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-path-list-websocket-transparent-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-transparent-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@?auth=\"}, \"_type-zope\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@?auth=\"}, \"_type-zope-default-path\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@?auth=\"}, \"_type-zope-path\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@?auth=\"}, \"_type-zope-prefer-gzip-encoding-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@?auth=\"}, \"_type-zope-prefer-gzip-encoding-to-backend-https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@?auth=\"}, \"_type-zope-virtualhostroot-http-port\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@?auth=\"}, \"_type-zope-virtualhostroot-https-port\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@?auth=\"}, \"_url-netloc-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@?auth=\"}, \"_url_https-url\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@?auth=\"}}"
+      "slave-kedifa-information": "{\"_Url\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@Url_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend-backend-ignore\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-backend-ignore_key-generate-auth-url@@?auth=\"}, \"_auth-to-backend-not-configured\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@auth-to-backend-not-configured_key-generate-auth-url@@?auth=\"}, \"_bad-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@bad-backend_key-generate-auth-url@@?auth=\"}, \"_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers_key-generate-auth-url@@?auth=\"}, \"_ciphers-translation-all\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers-translation-all_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers-translation-all_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ciphers-translation-all_key-generate-auth-url@@?auth=\"}, \"_custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_key-generate-auth-url@@?auth=\"}, \"_custom_domain_server_alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_server_alias_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@?auth=\"}, \"_custom_domain_wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_wildcard_key-generate-auth-url@@?auth=\"}, \"_disabled-cookie-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list_key-generate-auth-url@@?auth=\"}, \"_disabled-cookie-list-simple\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@disabled-cookie-list-simple_key-generate-auth-url@@?auth=\"}, \"_empty\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@empty_key-generate-auth-url@@?auth=\"}, \"_enable-http2-default\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-default_key-generate-auth-url@@?auth=\"}, \"_enable-http2-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable-http2-false_key-generate-auth-url@@?auth=\"}, \"_enable_cache\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_key-generate-auth-url@@?auth=\"}, \"_enable_cache-disable-no-cache-request\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-no-cache-request_key-generate-auth-url@@?auth=\"}, \"_enable_cache-disable-via-header\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-disable-via-header_key-generate-auth-url@@?auth=\"}, \"_enable_cache-https-only-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache-https-only-false_key-generate-auth-url@@?auth=\"}, \"_enable_cache_custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_custom_domain_key-generate-auth-url@@?auth=\"}, \"_enable_cache_server_alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@enable_cache_server_alias_key-generate-auth-url@@?auth=\"}, \"_https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@https-only_key-generate-auth-url@@?auth=\"}, \"_https-url-netloc-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@https-url-netloc-list_key-generate-auth-url@@?auth=\"}, \"_monitor-ipv4-test\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv4-test_key-generate-auth-url@@?auth=\"}, \"_monitor-ipv6-test\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@monitor-ipv6-test_key-generate-auth-url@@?auth=\"}, \"_prefer-gzip-encoding-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend_key-generate-auth-url@@?auth=\"}, \"_prefer-gzip-encoding-to-backend-https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@?auth=\"}, \"_server-alias\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_key-generate-auth-url@@?auth=\"}, \"_server-alias-duplicated\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-duplicated_key-generate-auth-url@@?auth=\"}, \"_server-alias-empty\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-empty_key-generate-auth-url@@?auth=\"}, \"_server-alias-wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias-wildcard_key-generate-auth-url@@?auth=\"}, \"_server-alias_custom_domain-duplicated\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@server-alias_custom_domain-duplicated_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify-unverified\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify-unverified_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify_ssl_proxy_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt_key-generate-auth-url@@?auth=\"}, \"_ssl-proxy-verify_ssl_proxy_ca_crt-unverified\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl-proxy-verify_ssl_proxy_ca_crt-unverified_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_does_not_match\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_garbage\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_only_key-generate-auth-url@@?auth=\"}, \"_type-notebook\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook_key-generate-auth-url@@?auth=\"}, \"_type-redirect\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect_key-generate-auth-url@@?auth=\"}, \"_type-redirect-custom_domain\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-redirect-custom_domain_key-generate-auth-url@@?auth=\"}, \"_type-websocket\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-path-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-path-list-websocket-transparent-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-path-list-websocket-transparent-false_key-generate-auth-url@@?auth=\"}, \"_type-websocket-websocket-transparent-false\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-websocket-websocket-transparent-false_key-generate-auth-url@@?auth=\"}, \"_type-zope\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope_key-generate-auth-url@@?auth=\"}, \"_type-zope-default-path\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-default-path_key-generate-auth-url@@?auth=\"}, \"_type-zope-path\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-path_key-generate-auth-url@@?auth=\"}, \"_type-zope-prefer-gzip-encoding-to-backend\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend_key-generate-auth-url@@?auth=\"}, \"_type-zope-prefer-gzip-encoding-to-backend-https-only\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-prefer-gzip-encoding-to-backend-https-only_key-generate-auth-url@@?auth=\"}, \"_type-zope-virtualhostroot-http-port\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-http-port_key-generate-auth-url@@?auth=\"}, \"_type-zope-virtualhostroot-https-port\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-zope-virtualhostroot-https-port_key-generate-auth-url@@?auth=\"}, \"_url-netloc-list\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@url-netloc-list_key-generate-auth-url@@?auth=\"}, \"_url_https-url\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@/@@Url_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@url_https-url_key-generate-auth-url@@?auth=\"}}"
    },
    "full_address_list": [],
    "instance_title": "caddy-frontend-1",

--- a/software/caddy-frontend/test/test_data/test.TestSlave.test00file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlave.test00file_list_log.txt
@@ -7,166 +7,109 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
+T-2/var/log/frontend-haproxy.log
-T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_Url_access_log
 T-2/var/log/httpd/_Url_backend_log
-T-2/var/log/httpd/_Url_error_log
 T-2/var/log/httpd/_auth-to-backend-backend-ignore_access_log
 T-2/var/log/httpd/_auth-to-backend-backend-ignore_backend_log
-T-2/var/log/httpd/_auth-to-backend-backend-ignore_error_log
 T-2/var/log/httpd/_auth-to-backend-not-configured_access_log
 T-2/var/log/httpd/_auth-to-backend-not-configured_backend_log
-T-2/var/log/httpd/_auth-to-backend-not-configured_error_log
 T-2/var/log/httpd/_auth-to-backend_access_log
 T-2/var/log/httpd/_auth-to-backend_backend_log
-T-2/var/log/httpd/_auth-to-backend_error_log
 T-2/var/log/httpd/_bad-backend_access_log
 T-2/var/log/httpd/_bad-backend_backend_log
-T-2/var/log/httpd/_bad-backend_error_log
+T-2/var/log/httpd/_ciphers-translation-all_access_log
 T-2/var/log/httpd/_ciphers_access_log
-T-2/var/log/httpd/_ciphers_error_log
 T-2/var/log/httpd/_custom_domain_access_log
 T-2/var/log/httpd/_custom_domain_backend_log
-T-2/var/log/httpd/_custom_domain_error_log
 T-2/var/log/httpd/_custom_domain_server_alias_access_log
 T-2/var/log/httpd/_custom_domain_server_alias_backend_log
-T-2/var/log/httpd/_custom_domain_server_alias_error_log
 T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
 T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_backend_log
-T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
 T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log
 T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_backend_log
-T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_error_log
-T-2/var/log/httpd/_custom_domain_wildcard_access_log
-T-2/var/log/httpd/_custom_domain_wildcard_error_log
 T-2/var/log/httpd/_disabled-cookie-list-simple_access_log
 T-2/var/log/httpd/_disabled-cookie-list-simple_backend_log
-T-2/var/log/httpd/_disabled-cookie-list-simple_error_log
 T-2/var/log/httpd/_disabled-cookie-list_access_log
 T-2/var/log/httpd/_disabled-cookie-list_backend_log
-T-2/var/log/httpd/_disabled-cookie-list_error_log
 T-2/var/log/httpd/_empty_access_log
-T-2/var/log/httpd/_empty_error_log
 T-2/var/log/httpd/_enable-http2-default_access_log
 T-2/var/log/httpd/_enable-http2-default_backend_log
-T-2/var/log/httpd/_enable-http2-default_error_log
 T-2/var/log/httpd/_enable-http2-false_access_log
 T-2/var/log/httpd/_enable-http2-false_backend_log
-T-2/var/log/httpd/_enable-http2-false_error_log
 T-2/var/log/httpd/_enable_cache-disable-no-cache-request_access_log
 T-2/var/log/httpd/_enable_cache-disable-no-cache-request_backend_log
-T-2/var/log/httpd/_enable_cache-disable-no-cache-request_error_log
 T-2/var/log/httpd/_enable_cache-disable-via-header_access_log
 T-2/var/log/httpd/_enable_cache-disable-via-header_backend_log
-T-2/var/log/httpd/_enable_cache-disable-via-header_error_log
 T-2/var/log/httpd/_enable_cache-https-only-false_access_log
 T-2/var/log/httpd/_enable_cache-https-only-false_backend_log
-T-2/var/log/httpd/_enable_cache-https-only-false_error_log
 T-2/var/log/httpd/_enable_cache_access_log
 T-2/var/log/httpd/_enable_cache_backend_log
 T-2/var/log/httpd/_enable_cache_custom_domain_access_log
 T-2/var/log/httpd/_enable_cache_custom_domain_backend_log
-T-2/var/log/httpd/_enable_cache_custom_domain_error_log
-T-2/var/log/httpd/_enable_cache_error_log
 T-2/var/log/httpd/_enable_cache_server_alias_access_log
 T-2/var/log/httpd/_enable_cache_server_alias_backend_log
-T-2/var/log/httpd/_enable_cache_server_alias_error_log
 T-2/var/log/httpd/_https-only_access_log
 T-2/var/log/httpd/_https-only_backend_log
-T-2/var/log/httpd/_https-only_error_log
 T-2/var/log/httpd/_https-url-netloc-list_access_log
 T-2/var/log/httpd/_https-url-netloc-list_backend_log
-T-2/var/log/httpd/_https-url-netloc-list_error_log
 T-2/var/log/httpd/_monitor-ipv4-test_access_log
-T-2/var/log/httpd/_monitor-ipv4-test_error_log
 T-2/var/log/httpd/_monitor-ipv6-test_access_log
-T-2/var/log/httpd/_monitor-ipv6-test_error_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_access_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_backend_log
-T-2/var/log/httpd/_prefer-gzip-encoding-to-backend-https-only_error_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
 T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_backend_log
-T-2/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
 T-2/var/log/httpd/_server-alias-duplicated_access_log
 T-2/var/log/httpd/_server-alias-duplicated_backend_log
-T-2/var/log/httpd/_server-alias-duplicated_error_log
 T-2/var/log/httpd/_server-alias-empty_access_log
 T-2/var/log/httpd/_server-alias-empty_backend_log
-T-2/var/log/httpd/_server-alias-empty_error_log
 T-2/var/log/httpd/_server-alias-wildcard_access_log
 T-2/var/log/httpd/_server-alias-wildcard_backend_log
-T-2/var/log/httpd/_server-alias-wildcard_error_log
 T-2/var/log/httpd/_server-alias_access_log
 T-2/var/log/httpd/_server-alias_backend_log
 T-2/var/log/httpd/_server-alias_custom_domain-duplicated_access_log
 T-2/var/log/httpd/_server-alias_custom_domain-duplicated_backend_log
-T-2/var/log/httpd/_server-alias_custom_domain-duplicated_error_log
-T-2/var/log/httpd/_server-alias_error_log
 T-2/var/log/httpd/_ssl-proxy-verify-unverified_access_log
 T-2/var/log/httpd/_ssl-proxy-verify-unverified_backend_log
-T-2/var/log/httpd/_ssl-proxy-verify-unverified_error_log
 T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
 T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_backend_log
-T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
 T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_access_log
 T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_backend_log
-T-2/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_error_log
 T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
 T-2/var/log/httpd/_ssl_ca_crt_does_not_match_backend_log
-T-2/var/log/httpd/_ssl_ca_crt_does_not_match_error_log
 T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log
 T-2/var/log/httpd/_ssl_ca_crt_garbage_backend_log
-T-2/var/log/httpd/_ssl_ca_crt_garbage_error_log
 T-2/var/log/httpd/_ssl_ca_crt_only_access_log
 T-2/var/log/httpd/_ssl_ca_crt_only_backend_log
-T-2/var/log/httpd/_ssl_ca_crt_only_error_log
 T-2/var/log/httpd/_type-notebook_access_log
 T-2/var/log/httpd/_type-notebook_backend_log
-T-2/var/log/httpd/_type-notebook_error_log
 T-2/var/log/httpd/_type-redirect-custom_domain_access_log
-T-2/var/log/httpd/_type-redirect-custom_domain_error_log
 T-2/var/log/httpd/_type-redirect_access_log
-T-2/var/log/httpd/_type-redirect_error_log
 T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_access_log
 T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_backend_log
-T-2/var/log/httpd/_type-websocket-websocket-path-list-websocket-transparent-false_error_log
 T-2/var/log/httpd/_type-websocket-websocket-path-list_access_log
 T-2/var/log/httpd/_type-websocket-websocket-path-list_backend_log
-T-2/var/log/httpd/_type-websocket-websocket-path-list_error_log
 T-2/var/log/httpd/_type-websocket-websocket-transparent-false_access_log
 T-2/var/log/httpd/_type-websocket-websocket-transparent-false_backend_log
-T-2/var/log/httpd/_type-websocket-websocket-transparent-false_error_log
 T-2/var/log/httpd/_type-websocket_access_log
 T-2/var/log/httpd/_type-websocket_backend_log
-T-2/var/log/httpd/_type-websocket_error_log
 T-2/var/log/httpd/_type-zope-default-path_access_log
-T-2/var/log/httpd/_type-zope-default-path_backend_log
-T-2/var/log/httpd/_type-zope-default-path_error_log
 T-2/var/log/httpd/_type-zope-path_access_log
 T-2/var/log/httpd/_type-zope-path_backend_log
-T-2/var/log/httpd/_type-zope-path_error_log
 T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_access_log
 T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_backend_log
-T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend-https-only_error_log
 T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_access_log
 T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_backend_log
-T-2/var/log/httpd/_type-zope-prefer-gzip-encoding-to-backend_error_log
 T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_access_log
 T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_backend_log
-T-2/var/log/httpd/_type-zope-virtualhostroot-http-port_error_log
 T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_access_log
 T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_backend_log
-T-2/var/log/httpd/_type-zope-virtualhostroot-https-port_error_log
 T-2/var/log/httpd/_type-zope_access_log
 T-2/var/log/httpd/_type-zope_backend_log
-T-2/var/log/httpd/_type-zope_error_log
 T-2/var/log/httpd/_url-netloc-list_access_log
 T-2/var/log/httpd/_url-netloc-list_backend_log
-T-2/var/log/httpd/_url-netloc-list_error_log
 T-2/var/log/httpd/_url_https-url_access_log
 T-2/var/log/httpd/_url_https-url_backend_log
-T-2/var/log/httpd/_url_https-url_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

--- a/software/caddy-frontend/test/test_data/test.TestSlave.test00file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlave.test00file_list_run.txt
@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

--- a/software/caddy-frontend/test/test_data/test.TestSlave.test00supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlave.test00supervisor_state.txt
@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

--- a/software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlave.test_file_list_plugin.txt
@@ -34,16 +34,16 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
 T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestSlave.test_master_partition_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlave.test_master_partition_state.txt
--- a/software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test00cluster_request_instance_parameter_dict.txt
@@ -16,7 +16,6 @@
      ]
    ],
    "kedifa_port": "15080",
-    "mpm-graceful-shutdown-timeout": "2",
    "plain_http_port": "11080",
    "port": "11443",
    "root_instance_title": "testing partition 0",
@@ -93,6 +92,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"ciphers\": \"ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256\", \"enable_cache\": true, \"slave_reference\": \"_own_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
@@ -100,7 +101,6 @@
      "monitor-httpd-port": 8411,
      "monitor-password": "@@monitor-password@@",
      "monitor-username": "admin",
-      "mpm-graceful-shutdown-timeout": "2",
      "plain_http_port": "11080",
      "port": "11443",
      "slave-kedifa-information": "{\"_default_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@/@@default_ciphers_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@default_ciphers_key-generate-auth-url@@?auth=\"}, \"_own_ciphers\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@/@@default_ciphers_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@own_ciphers_key-generate-auth-url@@?auth=\"}}"

--- a/software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test00file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test00file_list_log.txt
@@ -7,14 +7,11 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
+T-2/var/log/frontend-haproxy.log
-T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_default_ciphers_access_log
 T-2/var/log/httpd/_default_ciphers_backend_log
-T-2/var/log/httpd/_default_ciphers_error_log
 T-2/var/log/httpd/_own_ciphers_access_log
 T-2/var/log/httpd/_own_ciphers_backend_log
-T-2/var/log/httpd/_own_ciphers_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

--- a/software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test00file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test00file_list_run.txt
@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

--- a/software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test00supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test00supervisor_state.txt
@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

--- a/software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveCiphers.test_file_list_plugin.txt
@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_file_list_plugin.txt
@@ -34,16 +34,16 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-_monitor-ipv4-test-ipv4-packet-list-test.py
 T-2/etc/plugin/check-_monitor-ipv6-test-ipv6-packet-list-test.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_master_partition_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveGlobalDisableHttp2.test_master_partition_state.txt
--- a/software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test00cluster_request_instance_parameter_dict.txt
@@ -15,7 +15,6 @@
      ]
    ],
    "kedifa_port": "15080",
-    "mpm-graceful-shutdown-timeout": "2",
    "plain_http_port": "11080",
    "port": "11443",
    "request-timeout": "12",
@@ -282,6 +281,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"health-check\": true, \"health-check-http-method\": \"CONNECT\", \"slave_reference\": \"_health-check-connect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-fall\": \"7\", \"health-check-http-method\": \"POST\", \"health-check-http-path\": \"/POST-path to be encoded\", \"health-check-http-version\": \"HTTP/1.0\", \"health-check-interval\": \"15\", \"health-check-rise\": \"3\", \"health-check-timeout\": \"7\", \"slave_reference\": \"_health-check-custom\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"slave_reference\": \"_health-check-default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_health-check-disabled\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"health-check\": true, \"health-check-failover-https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=\", \"health-check-http-path\": \"/health-check-failover-url\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-authenticate-to-failover-backend\": true, \"health-check-failover-https-url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-url?a=b&c=\", \"health-check-http-path\": \"/health-check-failover-url-auth-to-backend\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url-auth-to-backend\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-failover-https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=\", \"health-check-failover-url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\", \"health-check-http-path\": \"/health-check-failover-url\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-ca-crt\": \"@@test_server_ca.certificate_pem_double@@\", \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verified\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verified\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verify-missing\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verify-missing\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-ca-crt\": \"@@another_server_ca.certificate_pem_double@@\", \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verify-unverified\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verify-unverified\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
@@ -289,7 +290,6 @@
      "monitor-httpd-port": 8411,
      "monitor-password": "@@monitor-password@@",
      "monitor-username": "admin",
-      "mpm-graceful-shutdown-timeout": "2",
      "plain_http_port": "11080",
      "port": "11443",
      "request-timeout": "12",

--- a/software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test00file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test00file_list_log.txt
@@ -7,38 +7,27 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
+T-2/var/log/frontend-haproxy.log
-T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_health-check-connect_access_log
 T-2/var/log/httpd/_health-check-connect_backend_log
-T-2/var/log/httpd/_health-check-connect_error_log
 T-2/var/log/httpd/_health-check-custom_access_log
 T-2/var/log/httpd/_health-check-custom_backend_log
-T-2/var/log/httpd/_health-check-custom_error_log
 T-2/var/log/httpd/_health-check-default_access_log
 T-2/var/log/httpd/_health-check-default_backend_log
-T-2/var/log/httpd/_health-check-default_error_log
 T-2/var/log/httpd/_health-check-disabled_access_log
 T-2/var/log/httpd/_health-check-disabled_backend_log
-T-2/var/log/httpd/_health-check-disabled_error_log
 T-2/var/log/httpd/_health-check-failover-url-auth-to-backend_access_log
 T-2/var/log/httpd/_health-check-failover-url-auth-to-backend_backend_log
-T-2/var/log/httpd/_health-check-failover-url-auth-to-backend_error_log
 T-2/var/log/httpd/_health-check-failover-url-netloc-list_access_log
 T-2/var/log/httpd/_health-check-failover-url-netloc-list_backend_log
-T-2/var/log/httpd/_health-check-failover-url-netloc-list_error_log
 T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verified_access_log
 T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verified_backend_log
-T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verified_error_log
 T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-missing_access_log
 T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-missing_backend_log
-T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-missing_error_log
 T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-unverified_access_log
 T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-unverified_backend_log
-T-2/var/log/httpd/_health-check-failover-url-ssl-proxy-verify-unverified_error_log
 T-2/var/log/httpd/_health-check-failover-url_access_log
 T-2/var/log/httpd/_health-check-failover-url_backend_log
-T-2/var/log/httpd/_health-check-failover-url_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

--- a/software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test00file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test00file_list_run.txt
@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

--- a/software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test00supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test00supervisor_state.txt
@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

--- a/software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHealthCheck.test_file_list_plugin.txt
@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test00cluster_request_instance_parameter_dict.txt
@@ -15,7 +15,6 @@
      ]
    ],
    "kedifa_port": "15080",
-    "mpm-graceful-shutdown-timeout": "2",
    "plain_http_port": "11080",
    "port": "11443",
    "request-timeout": "12",
@@ -90,6 +89,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"custom_domain\": \"*.alias1.example.com\", \"slave_reference\": \"_wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/wildcard\"}, {\"custom_domain\": \"zspecific.alias1.example.com\", \"slave_reference\": \"_zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/zspecific\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
@@ -97,7 +98,6 @@
      "monitor-httpd-port": 8411,
      "monitor-password": "@@monitor-password@@",
      "monitor-username": "admin",
-      "mpm-graceful-shutdown-timeout": "2",
      "plain_http_port": "11080",
      "port": "11443",
      "request-timeout": "12",

--- a/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test00file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test00file_list_log.txt
@@ -7,14 +7,11 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
+T-2/var/log/frontend-haproxy.log
-T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_wildcard_access_log
 T-2/var/log/httpd/_wildcard_backend_log
-T-2/var/log/httpd/_wildcard_error_log
 T-2/var/log/httpd/_zspecific_access_log
 T-2/var/log/httpd/_zspecific_backend_log
-T-2/var/log/httpd/_zspecific_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

--- a/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test00file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test00file_list_run.txt
@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

--- a/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test00supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test00supervisor_state.txt
@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

--- a/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveHostHaproxyClash.test_file_list_plugin.txt
@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test00cluster_request_instance_parameter_dict.txt
@@ -17,7 +17,6 @@
      ]
    ],
    "kedifa_port": "15080",
-    "mpm-graceful-shutdown-timeout": "2",
    "plain_http_port": "11080",
    "port": "11443",
    "root_instance_title": "testing partition 0",
@@ -241,6 +240,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"custom_domain\": \"customdomainsslcrtsslkey.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key\", \"ssl_crt\": \"@@customdomain_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkeysslcacrt.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@customdomain_ca_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_does_not_match\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@certificate_pem_double@@\", \"ssl_key\": \"@@key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_garbage\", \"ssl_ca_crt\": \"some garbage\", \"ssl_crt\": \"@@sslcacrtgarbage_ca_certificate_pem_double@@\", \"ssl_key\": \"@@sslcacrtgarbage_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_master_kedifa_overrides\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave\", \"ssl_crt\": \"@@ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master_kedifa_overrides\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
@@ -248,7 +249,6 @@
      "monitor-httpd-port": 8411,
      "monitor-password": "@@monitor-password@@",
      "monitor-username": "admin",
-      "mpm-graceful-shutdown-timeout": "2",
      "plain_http_port": "11080",
      "port": "11443",
      "slave-kedifa-information": "{\"_custom_domain_ssl_crt_ssl_key\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_key-generate-auth-url@@?auth=\"}, \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@custom_domain_ssl_crt_ssl_key_ssl_ca_crt_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_does_not_match\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_does_not_match_key-generate-auth-url@@?auth=\"}, \"_ssl_ca_crt_garbage\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_ca_crt_garbage_key-generate-auth-url@@?auth=\"}, \"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}, \"_ssl_from_master_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_ssl_from_slave\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_key-generate-auth-url@@?auth=\"}, \"_ssl_from_slave_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_slave_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_master_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_master_kedifa_overrides_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_slave\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_key-generate-auth-url@@?auth=\"}, \"_type-notebook-ssl_from_slave_kedifa_overrides\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@/@@custom_domain_ssl_crt_ssl_key_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@type-notebook-ssl_from_slave_kedifa_overrides_key-generate-auth-url@@?auth=\"}}"

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test00file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test00file_list_log.txt
@@ -7,44 +7,31 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
+T-2/var/log/frontend-haproxy.log
-T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_access_log
 T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_backend_log
-T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_error_log
 T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_access_log
 T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_backend_log
-T-2/var/log/httpd/_custom_domain_ssl_crt_ssl_key_ssl_ca_crt_error_log
 T-2/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
 T-2/var/log/httpd/_ssl_ca_crt_does_not_match_backend_log
-T-2/var/log/httpd/_ssl_ca_crt_does_not_match_error_log
 T-2/var/log/httpd/_ssl_ca_crt_garbage_access_log
 T-2/var/log/httpd/_ssl_ca_crt_garbage_backend_log
-T-2/var/log/httpd/_ssl_ca_crt_garbage_error_log
 T-2/var/log/httpd/_ssl_from_master_access_log
 T-2/var/log/httpd/_ssl_from_master_backend_log
-T-2/var/log/httpd/_ssl_from_master_error_log
 T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_access_log
 T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_backend_log
-T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_error_log
 T-2/var/log/httpd/_ssl_from_slave_access_log
 T-2/var/log/httpd/_ssl_from_slave_backend_log
-T-2/var/log/httpd/_ssl_from_slave_error_log
 T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_access_log
 T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_backend_log
-T-2/var/log/httpd/_ssl_from_slave_kedifa_overrides_error_log
 T-2/var/log/httpd/_type-notebook-ssl_from_master_access_log
 T-2/var/log/httpd/_type-notebook-ssl_from_master_backend_log
-T-2/var/log/httpd/_type-notebook-ssl_from_master_error_log
 T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_access_log
 T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_backend_log
-T-2/var/log/httpd/_type-notebook-ssl_from_master_kedifa_overrides_error_log
 T-2/var/log/httpd/_type-notebook-ssl_from_slave_access_log
 T-2/var/log/httpd/_type-notebook-ssl_from_slave_backend_log
-T-2/var/log/httpd/_type-notebook-ssl_from_slave_error_log
 T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_access_log
 T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_backend_log
-T-2/var/log/httpd/_type-notebook-ssl_from_slave_kedifa_overrides_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test00file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test00file_list_run.txt
@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test00supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test00supervisor_state.txt
@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test_file_list_plugin.txt
@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test00cluster_request_instance_parameter_dict.txt
@@ -17,7 +17,6 @@
      ]
    ],
    "kedifa_port": "15080",
-    "mpm-graceful-shutdown-timeout": "2",
    "plain_http_port": "11080",
    "port": "11443",
    "root_instance_title": "testing partition 0",
@@ -81,6 +80,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master_kedifa_overrides_master_certificate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
@@ -88,7 +89,6 @@
      "monitor-httpd-port": 8411,
      "monitor-password": "@@monitor-password@@",
      "monitor-username": "admin",
-      "mpm-graceful-shutdown-timeout": "2",
      "plain_http_port": "11080",
      "port": "11443",
      "slave-kedifa-information": "{\"_ssl_from_master_kedifa_overrides_master_certificate\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@/@@ssl_from_master_kedifa_overrides_master_certificate_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_kedifa_overrides_master_certificate_key-generate-auth-url@@?auth=\"}}"

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test00file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test00file_list_log.txt
@@ -7,11 +7,9 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
+T-2/var/log/frontend-haproxy.log
-T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_access_log
 T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_backend_log
-T-2/var/log/httpd/_ssl_from_master_kedifa_overrides_master_certificate_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test00file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test00file_list_run.txt
@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test00supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test00supervisor_state.txt
@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test_file_list_plugin.txt
@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test00cluster_request_instance_parameter_dict.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test00cluster_request_instance_parameter_dict.txt
@@ -17,7 +17,6 @@
      ]
    ],
    "kedifa_port": "15080",
-    "mpm-graceful-shutdown-timeout": "2",
    "plain_http_port": "11080",
    "port": "11443",
    "root_instance_title": "testing partition 0",
@@ -81,6 +80,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
@@ -88,7 +89,6 @@
      "monitor-httpd-port": 8411,
      "monitor-password": "@@monitor-password@@",
      "monitor-username": "admin",
-      "mpm-graceful-shutdown-timeout": "2",
      "plain_http_port": "11080",
      "port": "11443",
      "slave-kedifa-information": "{\"_ssl_from_master\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@/@@ssl_from_master_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@ssl_from_master_key-generate-auth-url@@?auth=\"}}"

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test00file_list_log.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test00file_list_log.txt
@@ -7,11 +7,9 @@ T-1/var/log/monitor-httpd-access.log
 T-1/var/log/monitor-httpd-error.log
 T-2/var/log/backend-haproxy.log
 T-2/var/log/expose-csr.log
-T-2/var/log/frontend-access.log
+T-2/var/log/frontend-haproxy.log
-T-2/var/log/frontend-error.log
 T-2/var/log/httpd/_ssl_from_master_access_log
 T-2/var/log/httpd/_ssl_from_master_backend_log
-T-2/var/log/httpd/_ssl_from_master_error_log
 T-2/var/log/monitor-httpd-access.log
 T-2/var/log/monitor-httpd-error.log
 T-2/var/log/slave-introspection-access.log

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test00file_list_run.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test00file_list_run.txt
@@ -6,6 +6,8 @@ T-2/var/run/backend-haproxy.pid
 T-2/var/run/backend_haproxy_configuration_last_state
 T-2/var/run/backend_haproxy_graceful_configuration_state_signature
 T-2/var/run/bhlog.sck
+T-2/var/run/fhlog.sck
+T-2/var/run/frontend-haproxy-rsyslogd.pid
 T-2/var/run/graceful_configuration_state_signature
 T-2/var/run/httpd.pid
 T-2/var/run/monitor-httpd.pid

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test00supervisor_state.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test00supervisor_state.txt
@@ -17,8 +17,6 @@ T-1:kedifa-{hash-generic}-on-watch RUNNING
 T-1:kedifa-reloader EXITED
 T-1:monitor-httpd-{hash-generic}-on-watch RUNNING
 T-1:monitor-httpd-graceful EXITED
-T-2:6tunnel-11080-{hash-generic}-on-watch RUNNING
-T-2:6tunnel-11443-{hash-generic}-on-watch RUNNING
 T-2:backend-client-login-certificate-caucase-updater-on-watch RUNNING
 T-2:backend-haproxy-{hash-generic}-on-watch RUNNING
 T-2:backend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
@@ -27,8 +25,9 @@ T-2:bootstrap-monitor EXITED
 T-2:certificate_authority-{hash-generic}-on-watch RUNNING
 T-2:crond-{hash-generic}-on-watch RUNNING
 T-2:expose-csr-{hash-generic}-on-watch RUNNING
-T-2:frontend-caddy-safe-graceful EXITED
+T-2:frontend-haproxy-{hash-generic}-on-watch RUNNING
-T-2:frontend_caddy-{hash-caddy-T-2}-on-watch RUNNING
+T-2:frontend-haproxy-rsyslogd-{hash-generic}-on-watch RUNNING
+T-2:frontend-haproxy-safe-graceful EXITED
 T-2:kedifa-login-certificate-caucase-updater-on-watch RUNNING
 T-2:kedifa-updater-{hash-generic}-on-watch RUNNING
 T-2:monitor-httpd-{hash-generic}-on-watch RUNNING

--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_etc_cron_d.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_etc_cron_d.txt
--- a/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_plugin.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test_file_list_plugin.txt
@@ -34,14 +34,14 @@ T-2/etc/plugin/backend-haproxy-statistic-frontend.py
 T-2/etc/plugin/backend_haproxy_http.py
 T-2/etc/plugin/backend_haproxy_https.py
 T-2/etc/plugin/buildout-T-2-status.py
-T-2/etc/plugin/caddy_frontend_ipv4_http.py
-T-2/etc/plugin/caddy_frontend_ipv4_https.py
-T-2/etc/plugin/caddy_frontend_ipv6_http.py
-T-2/etc/plugin/caddy_frontend_ipv6_https.py
 T-2/etc/plugin/caucase-updater.py
 T-2/etc/plugin/check-free-disk-space.py
 T-2/etc/plugin/expose-csr-ip-port-listening.py
-T-2/etc/plugin/frontend-caddy-configuration-promise.py
+T-2/etc/plugin/frontend-frontend-haproxy-configuration-promise.py
+T-2/etc/plugin/frontend_haproxy_ipv4_http.py
+T-2/etc/plugin/frontend_haproxy_ipv4_https.py
+T-2/etc/plugin/frontend_haproxy_ipv6_http.py
+T-2/etc/plugin/frontend_haproxy_ipv6_https.py
 T-2/etc/plugin/monitor-bootstrap-status.py
 T-2/etc/plugin/monitor-http-frontend.py
 T-2/etc/plugin/monitor-httpd-listening-on-tcp.py

--- a/software/slapos-sr-testing/software.cfg
+++ b/software/slapos-sr-testing/software.cfg
@@ -13,6 +13,7 @@ extends =
  ../../component/python-mysqlclient/buildout.cfg
  ../../component/python-pynacl/buildout.cfg
  ../../component/python-backports-lzma/buildout.cfg
+  ../../component/selenium/buildout.cfg
  ../../stack/slapos.cfg
  ../../stack/nxdtest.cfg
@@ -41,11 +42,6 @@ setup = ${slapos-repository:location}/
 egg = slapos.test.backupserver
 setup = ${slapos-repository:location}/software/backupserver/test/
-[slapos.test.caddy-frontend-setup]
-<= setup-develop-egg
-egg = slapos.test.caddy-frontend
-setup = ${slapos-repository:location}/software/caddy-frontend/test/
 [slapos.test.dufs-setup]
 <= setup-develop-egg
 egg = slapos.test.dufs
@@ -101,6 +97,11 @@ setup = ${slapos-repository:location}/software/powerdns/test/
 egg = slapos.test.proftpd
 setup = ${slapos-repository:location}/software/proftpd/test/
+[slapos.test.rapid-cdn-setup]
+<= setup-develop-egg
+egg = slapos.test.rapid-cdn
+setup = ${slapos-repository:location}/software/rapid-cdn/test/
 [slapos.test.re6stnet-setup]
 <= setup-develop-egg
 egg = slapos.test.re6stnet
@@ -296,12 +297,12 @@ eggs +=
  ${backports.lzma:egg}
  ${bcrypt:egg}
  ${psycopg2:egg}
+  ${selenium:egg}
  slapos.libnetworkcache
  supervisor
  ${slapos.cookbook-setup:egg}
  ${slapos.test.backupserver-setup:egg}
  ${slapos.test.beremiz-ide-setup:egg}
-  ${slapos.test.caddy-frontend-setup:egg}
  ${slapos.test.caucase-setup:egg}
  ${slapos.test.cloudooo-setup:egg}
  ${slapos.test.dream-setup:egg}
@@ -330,6 +331,7 @@ eggs +=
  ${slapos.test.plantuml-setup:egg}
  ${slapos.test.powerdns-setup:egg}
  ${slapos.test.proftpd-setup:egg}
+  ${slapos.test.rapid-cdn-setup:egg}
  ${slapos.test.re6stnet-setup:egg}
  ${slapos.test.repman-setup:egg}
  ${slapos.test.restic_rest_server-setup:egg}
@@ -389,7 +391,6 @@ tests =
  json-schemas ${slapos.cookbook-setup:setup}
  backupserver ${slapos.test.backupserver-setup:setup}
  beremiz-ide ${slapos.test.beremiz-ide-setup:setup}
-  caddy-frontend ${slapos.test.caddy-frontend-setup:setup}
  caucase ${slapos.test.caucase-setup:setup}
  cloudooo ${slapos.test.cloudooo-setup:setup}
  dream ${slapos.test.dream-setup:setup}
@@ -421,6 +422,7 @@ tests =
  plantuml ${slapos.test.plantuml-setup:setup}
  powerdns ${slapos.test.powerdns-setup:setup}
  proftpd ${slapos.test.proftpd-setup:setup}
+  rapid-cdn ${slapos.test.rapid-cdn-setup:setup}
  re6stnet ${slapos.test.re6stnet-setup:setup}
  repman ${slapos.test.repman-setup:setup}
  restic-rest-server ${slapos.test.restic_rest_server-setup:setup}
@@ -443,7 +445,6 @@ image = 1.5.25
 plantuml = 0.3.0:whl
 pysftp = 0.2.9
 requests-toolbelt = 0.8.0
-selenium = 3.141.0
 testfixtures = 6.11.0
 mysqlclient = 2.1.1
 pexpect = 4.8.0

--- a/software/theia/buildout.hash.cfg
+++ b/software/theia/buildout.hash.cfg
@@ -15,7 +15,7 @@
 [instance-theia]
 _update_hash_filename_ = instance-theia.cfg.jinja.in
-md5sum = bd79a9e6306b321414b9f83524308e5f
+md5sum = 937f8ebdfa8112aafe11235a23fb85a9
 [instance]
 _update_hash_filename_ = instance.cfg.in

--- a/software/theia/instance-theia.cfg.jinja.in
+++ b/software/theia/instance-theia.cfg.jinja.in
@@ -13,7 +13,9 @@ theia-environment-parts =
  settings.json
 theia-parts =
-  frontend-reload
+  frontend-instance
+  frontend-instance-rsyslogd
+  python-server
  promises
 parts =
@@ -90,11 +92,13 @@ recipe =
 instance-promises =
  $${theia-listen-promise:name}
  $${frontend-listen-promise:name}
+  $${python-server-listen-promise:name}
  $${frontend-authentication-promise:name}
  $${remote-frontend-url-available-promise:name}
  {% if additional_frontend %}
  $${remote-additional-frontend-url-available-promise:name}
  {% endif %}
+  $${frontend-instance-rsyslogd-promise:name}
  $${slapos-standalone-listen-promise:name}
  $${slapos-standalone-ready-promise:name}
  $${slapos-autorun-promise:name}
@@ -116,6 +120,13 @@ name = $${:_buildout_section_name_}.py
 config-host = $${frontend-instance:ip}
 config-port = $${frontend-instance:port}
+[python-server-listen-promise]
+<= monitor-promise-base
+promise = check_socket_listening
+name = $${:_buildout_section_name_}.py
+config-host = $${python-server-port:ip}
+config-port = $${python-server-port:port}
 [frontend-authentication-promise]
 <= monitor-promise-base
 promise = check_url_available
@@ -142,6 +153,12 @@ config-url = $${remote-additional-frontend:connection-secure_access}
 config-http-code = 401
 {% endif %}
+[frontend-instance-rsyslogd-promise]
+<= monitor-promise-base
+promise = check_command_execute
+name = rsyslogd_listen_promise.py
+config-command = test -S $${frontend-instance-rsyslogd-config:log-socket}
 [slapos-standalone-listen-promise]
 <= monitor-promise-base
 promise = check_socket_listening
@@ -207,7 +224,7 @@ sla-instance_guid = {{ parameter_dict['additional-frontend-guid'] }}
 {% endif %}
-# Local Caddy Frontend
+# Local Haproxy Frontend
 # --------------------
 [frontend-instance-password]
@@ -215,6 +232,39 @@ recipe = slapos.cookbook:generate.password
 username = admin
 storage-path = $${buildout:parts-directory}/.$${:_buildout_section_name_}
+[frontend-instance-rsyslogd-config]
+recipe = slapos.recipe.template
+output = $${directory:etc}/$${:_buildout_section_name_}
+log-file = $${directory:log}/frontend-instance.log
+log-socket = $${directory:run}/rsyslog.sock
+pidfile = $${directory:pidfiles}/rsyslogd.pid
+inline =
+  module(
+    load="imuxsock"
+    SysSock.Name="$${:log-socket}")
+  # Just simply output the raw line without any additional information, as
+  # haproxy emits enough information by itself
+  # Also cut out first empty space in msg, which is related to rsyslogd
+  # internal and end up cutting on 8k, as it's default of $MaxMessageSize
+  template(name="rawoutput" type="string" string="%msg:2:8192%\n")
+  $ActionFileDefaultTemplate rawoutput
+  $FileCreateMode 0600
+  $DirCreateMode 0700
+  $Umask 0022
+  $WorkDirectory $${directory:run}
+  *.* $${:log-file};rawoutput
+[frontend-instance-rsyslogd]
+recipe = slapos.cookbook:wrapper
+command-line = ${rsyslogd:location}/sbin/rsyslogd -i $${frontend-instance-rsyslogd-config:pidfile} -n -f $${frontend-instance-rsyslogd-config:output}
+wrapper-path = $${directory:services}/$${:_buildout_section_name_}
+hash-files = $${frontend-instance-rsyslogd-config:output}
 [frontend-instance-port]
 recipe = slapos.cookbook:free_port
 minimum = 3000
@@ -224,61 +274,83 @@ ip = {{ ipv6_random }}
 [frontend-instance-certificate]
 recipe = plone.recipe.command
 command =
-  if [ ! -e $${:key-file} ]
+  if [ ! -e $${:cert-file} ]
  then
    ${openssl-output:openssl} req -x509 -nodes -days 3650 \
      -subj "/C=AA/ST=X/L=X/O=Dis/CN=$${:common-name}" \
-      -newkey rsa:1024 -keyout $${:key-file} \
+      -newkey rsa:1024 -keyout $${:cert-file} \
      -out $${:cert-file}
  fi
 update-command = $${:command}
-key-file = $${directory:etc}/$${:_buildout_section_name_}.key
+cert-file = $${directory:etc}/$${:_buildout_section_name_}.pem
-cert-file = $${directory:etc}/$${:_buildout_section_name_}.crt
 common-name = $${frontend-instance-config:ip}
 location =
-  $${:key-file}
  $${:cert-file}
 [frontend-instance-config]
 recipe = slapos.recipe.template
 output = $${directory:etc}/$${:_buildout_section_name_}
+blankline =
 inline =
-  :$${:port} {
+  global
-    bind $${:ip}
+    maxconn 4096
-    tls $${frontend-instance-certificate:cert-file} $${frontend-instance-certificate:key-file}
+    master-worker
-    log stdout
+    pidfile $${frontend-instance:pidfile}
-    errors stderr
+    log $${frontend-instance-rsyslogd-config:log-socket} local0  info
-    gzip
-    # because caddy does not support upgrade http2 to websocket
+  defaults
-    # https://tools.ietf.org/html/rfc8441
+    log global
-    tls {
+    option httplog
-      alpn http/1.1
+    mode http
-    }
+    retries 1
-    root $${directory:frontend-static}
+    option redispatch
-    browse
+    maxconn 2000
-    proxy / $${theia-instance:base-url} {
+    balance roundrobin
-      except $${frontend-instance-fonts:folder-name} $${frontend-instance-slapos.css:folder-name} public $${favicon.ico:filename} $${frontend-instance-logo:filename}
+    timeout connect 10s
-    }
+    timeout queue 60s
-    proxy /services $${theia-instance:base-url} {
+    timeout server 305s
-      websocket
+    timeout client 305s
-    }
-    proxy /socket.io $${theia-instance:base-url} {
+    # compress some content types
-      websocket
+    compression algo gzip
-    }
+    compression type application/font-woff application/font-woff2 application/hal+json application/javascript application/json application/rss+xml application/wasm application/x-font-opentype application/x-font-ttf application/x-javascript application/xml image/svg+xml text/cache-manifest text/css text/html text/javascript text/plain text/xml
-    basicauth $${frontend-instance-password:username} $${frontend-instance-password:passwd} {
-      realm "Theia"
-      /
+  userlist basic-auth-list
-    }
+    user $${frontend-instance-password:username} insecure-password $${frontend-instance-password:passwd}
-  }
+  frontend app
+    log global
+    bind $${:ip}:$${:port} ssl crt $${frontend-instance-certificate:cert-file} alpn h2,http/1.1
+    # writing twice the same ACL is doing OR
+    acl is_public path_beg /public/
+    acl is_public path /$${favicon.ico:filename}
+    acl auth_ok http_auth(basic-auth-list)
+    # No authentication for public folder
+    http-request auth unless auth_ok || is_public
+    use_backend static if { path_beg /$${frontend-instance-fonts:folder-name} } || { path_beg /$${frontend-instance-slapos.css:folder-name} } || { path /$${frontend-instance-logo:filename} } || is_public
+    default_backend nodejs
+  backend nodejs
+    log global
+    server nodejs_backend $${theia-instance:ip}:$${theia-instance:port}
+  backend static
+    log global
+    server static_backend $${python-server-port:ip}:$${python-server-port:port}
+  $${:blankline}
 ip = $${frontend-instance-port:ip}
 hostname = [$${:ip}]
 port = $${frontend-instance-port:port}
+pidfile = $${directory:pidfiles}/haproxy.pid
 [frontend-instance]
 recipe = slapos.cookbook:wrapper
 wrapper-path = $${directory:services}/$${:_buildout_section_name_}
 command-line =
-  ${caddy:output} -conf $${frontend-instance-config:output} -pidfile $${:pidfile}
+  ${haproxy:location}/sbin/haproxy -f $${frontend-instance-config:output}
+hash-files = $${frontend-instance-config:output}
 ip = $${frontend-instance-config:ip}
 hostname = $${frontend-instance-config:hostname}
@@ -287,7 +359,7 @@ pidfile = $${directory:pidfiles}/$${:_buildout_section_name_}.pid
 url = https://$${:hostname}:$${:port}/
 [frontend-instance-fonts]
-; XXX caddy 1 does not seem to serve different folders at different locations
+; XXX python server only serves one folder
 ; so we link fonts in static folder
 recipe = plone.recipe.command
 location = $${directory:frontend-static}/$${:folder-name}
@@ -314,18 +386,6 @@ folder-name = css
 context =
  key logo_image frontend-instance-logo:filename
-[frontend-reload]
-recipe = slapos.cookbook:wrapper
-wrapper-path = $${directory:services}/$${:_buildout_section_name_}
-command-line =
-  ${bash:location}/bin/bash -c
-  "kill -s USR1 $$(${coreutils:location}/bin/cat $${frontend-instance:pidfile}) \
-    && ${coreutils:location}/bin/sleep infinity"
-hash-files =
-  $${frontend-instance-config:output}
-  $${frontend-instance:wrapper-path}
-wait-for-files = $${frontend-instance:pidfile}
 [favicon.ico]
 # generate a pseudo random favicon, different for each instance name.
 recipe = slapos.recipe.build
@@ -350,6 +410,20 @@ install =
 location = $${directory:frontend-static}/$${:filename}
 filename = $${:_buildout_section_name_}
+# Local Python Server
+# -------------------
+[python-server-port]
+recipe = slapos.cookbook:free_port
+minimum = 3000
+maximum = 3100
+ip = {{ ipv4_random }}
+[python-server]
+recipe = slapos.cookbook:wrapper
+wrapper-path = $${directory:services}/$${:_buildout_section_name_}
+command-line = $${buildout:executable} -m http.server $${python-server-port:port} --bind $${python-server-port:ip} --directory $${directory:frontend-static}
 # Common Environment
 # ------------------
@@ -406,7 +480,6 @@ hash-existing-files =
 ip =  {{ ipv4_random }}
 hostname = $${:ip}
 port = $${theia-service:port}
-base-url = $${theia-service:base-url}
 [theia-shell]
 recipe = slapos.recipe.template:jinja2

--- a/software/theia/software.cfg
+++ b/software/theia/software.cfg
 [buildout]
 extends =
-  ../../component/caddy/buildout.cfg
+  ../../component/haproxy/buildout.cfg
+  ../../component/rsyslogd/buildout.cfg
  ../../component/git/buildout.cfg
  ../../component/bash/buildout.cfg
  ../../component/bash-completion/buildout.cfg

--- a/software/theia/test/test.py
+++ b/software/theia/test/test.py
@@ -146,17 +146,17 @@ class TestTheia(TheiaTestCase):
        )).geturl()
    self.get(authenticated_url)
-    # there's a public folder to serve file
+    # there's a public folder to serve file (no need for authentication)
    with open('{}/srv/frontend-static/public/test_file'.format(
        self.getPath()), 'w') as f:
      f.write("hello")
-    resp = self.get(urljoin(authenticated_url, '/public/'))
+    resp = self.get(urljoin(url, '/public/'))
    self.assertIn('test_file', resp.text)
-    resp = self.get(urljoin(authenticated_url, '/public/test_file'))
+    resp = self.get(urljoin(url, '/public/test_file'))
    self.assertEqual('hello', resp.text)
-    # there's a (not empty) favicon
+    # there's a (not empty) favicon (no need for authentication)
-    resp = self.get(urljoin(authenticated_url, '/favicon.ico'))
+    resp = self.get(urljoin(url, '/favicon.ico'))
    self.assertTrue(resp.raw)
    # there is a CSS referencing fonts

--- a/stack/erp5/buildout.cfg
+++ b/stack/erp5/buildout.cfg
@@ -62,6 +62,7 @@ extends =
  ../../component/bcrypt/buildout.cfg
  ../../component/python-pynacl/buildout.cfg
  ../../component/python-xmlsec/buildout.cfg
+  ../../component/selenium/buildout.cfg
  ../../stack/caucase/buildout.cfg
  ../../software/neoppod/software-common.cfg
 # keep neoppod extends last
@@ -595,7 +596,7 @@ eggs = ${neoppod:eggs}
  pycountry
  xfw
  jsonschema
-  selenium
+  ${selenium:egg}
  pytesseract
  decorator
  networkx
@@ -813,7 +814,6 @@ uuid = 1.30
 validictory = 1.1.0
 xfw = 0.10
 xupdate-processor = 0.5
-selenium = 3.14.1
 scikit-image = 0.14.0
 PyWavelets = 0.5.2
 networkx = 2.1

--- a/stack/slapos.cfg
+++ b/stack/slapos.cfg
@@ -137,16 +137,23 @@ zc.buildout = 2.7.1+slapos019
 zc.recipe.egg = 2.0.3+slapos003
 apache-libcloud = 2.4.0
+argon2-cffi = 20.1.0
 asn1crypto = 1.3.0
+astor = 0.5
+async-generator = 1.10
 atomicwrites = 1.4.0
 atomize = 0.2.0
 attrs = 22.1.0
+backcall = 0.2.0
+backports-abc = 0.5
 backports.functools-lru-cache = 1.6.1:whl
 backports.lzma = 0.0.14
+backports.shutil-get-terminal-size = 1.0.0
 bcrypt = 3.1.4
+bleach = 5.0.1
 CacheControl = 0.12.6:whl
 certifi = 2022.6.15
-cffi = 1.14.0
+cffi = 1.15.0
 chardet = 3.0.4
 charset-normalizer = 2.1.1
 click = 8.1.3
@@ -158,13 +165,20 @@ configparser = 4.0.2:whl
 contextlib2 = 0.6.0.post1
 croniter = 0.3.25
 cryptography = 3.3.2
+dataclasses = 0.8
 dateparser = 0.7.6
 decorator = 4.3.0
+defusedxml = 0.6.0
 distro = 1.7.0
 dnspython = 1.16.0
+entrypoints = 0.3
 enum34 = 1.1.10
 erp5.util = 0.4.74
-feedparser = 5.2.1
+et-xmlfile = 1.0.1
+# need wheel because there is no setup.py
+# (see https://erp5js.nexedi.net/#/bug_module/20221102-1C1B293)
+exceptiongroup = 1.0.0:whl
+feedparser = 6.0.10
 Flask = 1.1.2
 funcsigs = 1.0.2
 functools32 = 3.2.3.post2
@@ -173,59 +187,102 @@ geventmp = 0.0.1
 gitdb2 = 2.0.5
 GitPython = 2.1.11
 greenlet = 0.4.17
+h5py = 2.7.1
+h11 = 0.14.0
 idna = 2.9
 igmp = 1.0.4
 Importing = 1.10
 importlib-metadata = 1.7.0:whl
 inotify-simple = 1.1.1
 ipaddress = 1.0.23
+ipykernel = 5.3.4:whl
+ipython = 7.16.3
+ipython-genutils = 0.1.0
+ipywidgets = 6.0.0
 itsdangerous = 0.24
+jdcal = 1.4
+jedi = 0.17.2
 Jinja2 = 2.11.3
 jsonschema = 3.0.2:whl
+jupyter = 1.0.0
+jupyter-client = 7.3.1
+jupyter-console = 6.4.4
+jupyter-core = 4.9.2
+jupyterlab = 0.26.3
+jupyterlab-launcher = 0.3.1
+jupyterlab-pygments = 0.1.2
 lock-file = 2.0
 lockfile = 0.12.2:whl
 lxml = 4.9.1
 MarkupSafe = 2.0.1
+matplotlib = 2.1.2
 meld3 = 1.0.2
+mistune = 0.8.4
 mock = 3.0.5
 more-itertools = 5.0.0
+mpmath = 1.0.0
 msgpack = 0.6.2
+nbclient = 0.5.1
+nbconvert = 6.0.7
+nbformat = 5.0.8
+nest-asyncio = 1.5.6
 netaddr = 0.7.19
 netifaces = 0.10.7
+notebook = 6.1.5
+openpyxl = 2.5.2
+outcome = 1.2.0
 packaging = 16.8
+pandocfilters = 1.4.3
 paramiko = 2.11.0
+parso = 0.7.1
 passlib = 1.7.1
 pathlib2 = 2.3.5
-pbr = 2.0.0
+patsy = 0.5.1
+pbr = 5.9.0
+pexpect = 4.8.0
+pickleshare = 0.7.4
 pim-dm = 1.4.0nxd001
 pkgconfig = 1.5.1
 plone.recipe.command = 1.1
 pluggy = 0.13.1:whl
 ply = 3.11
 prettytable = 0.7.2
+prometheus-client = 0.9.0
+prompt-toolkit = 3.0.19
 psutil = 5.8.0
+ptyprocess = 0.5.1
 py = 1.11.0:whl
 py-mld = 1.0.3
 pyasn1 = 0.4.5
 pycparser = 2.20
 pycurl = 7.43.0
+Pygments = 2.9.0
 PyNaCl = 1.3.0
 pyOpenSSL = 19.1.0
 pyparsing = 3.0.9:whl
 pyroute2 = 0.6.9
 pyrsistent = 0.18.1
 PyRSS2Gen = 1.1
+PySocks = 1.7.1
 pytest-runner = 5.2:whl
 python-dateutil = 2.8.2:whl
 pytz = 2022.2.1
 PyYAML = 5.4.1
+pyzmq = 22.3.0
+qtconsole = 4.3.0
 regex = 2020.9.27
 requests = 2.28.1
 rpdb = 0.1.5
 rubygemsrecipe  = 0.4.3
 scandir = 1.10.0
+scikit-learn = 0.20.4
+seaborn = 0.7.1
+Send2Trash = 1.5.0
 setproctitle = 1.1.10
 setuptools-dso = 1.7
+sgmllib3k = 1.0.0
+simplegeneric = 0.8.1
+singledispatch = 3.4.0.3
 six = 1.16.0
 slapos.cookbook = 1.0.297
 slapos.core = 1.8.5
@@ -236,19 +293,32 @@ slapos.recipe.build = 0.56
 slapos.recipe.cmmi = 0.19
 slapos.recipe.template = 5.0
 slapos.toolbox = 0.128
+statsmodels = 0.11.1
 smmap2 = 2.0.5
+sniffio = 1.3.0
+sortedcontainers = 2.4.0
 stevedore = 1.21.0:whl
 subprocess32 = 3.5.4
 supervisor = 4.1.0
-traitlets = 4.3.3
+sympy = 1.1.1
+terminado = 0.9.1
+testpath = 0.4.4
+tornado = 6.1
+traitlets = 5.0.5
+trio = 0.22.0
+trio-websocket = 0.9.2
 tzlocal = 1.5.1
 unicodecsv = 0.14.1
 uritemplate = 3.0.0
 urllib3 = 1.26.12
 wcwidth = 0.2.5
+webencodings = 0.5.1
 Werkzeug = 2.0.2
 wheel = 0.35.1:whl
+widgetsnbextension = 2.0.0
+wsproto = 1.2.0
 xml-marshaller = 1.0.2
+xlrd = 1.1.0
 zc.lockfile = 1.4
 ZConfig = 3.6.1
 zdaemon = 4.2.0
@@ -264,6 +334,7 @@ certifi = 2020.4.5.1
 charset-normalizer = 2.0.12
 click = 6.7
 distro = 1.6.0
+feedparser = 5.2.1
 pyparsing = 2.2.0
 pyrsistent = 0.16.1
 requests = 2.27.1