rapid-cdn: Implement node-level experimental QUIC

87dea848 · Łukasz Nowak · 6d1202a5 · 87dea848 · 87dea848 · 87dea848
Commit 87dea848 authored Nov 17, 2022 by Łukasz Nowak
22 changed files
--- a/software/rapid-cdn/README.rst
+++ b/software/rapid-cdn/README.rst
@@ -468,3 +468,15 @@ websocket
 ~~~~~~~~~

 All frontends are websocket aware now, and ``type:websocket`` parameter became optional. It's required if support for ``websocket-path-list`` or ``websocket-transparent`` is required.
+
+Experimental QuicTLS
+~~~~~~~~~~~~~~~~~~~~
+
+`QuicTLS <https://github.com/quictls/openssl>`_ can be used instead of classic OpenSSL on given node by using parameter ``-frontend-i-experimental-haproxy-flavour`` and setting it to ``quic``. This allows to test out if there are any issues with QuicTLS are with normal usage.
+
+Experimental QUIC
+~~~~~~~~~~~~~~~~~
+
+QUIC with HTTP3 is available as experimental feature. It has to be enabled on each node separately by using ``-frontend-i-experimental-haproxy-quic``. Then given node will reply with proper headers on HTTPS to advertise QUIC. Please note that ``-frontend-i-experimental-haproxy-flavour`` has to be set to ``quic`` on this node too.
+
+Note that then all frontends will be served with QUIC advertised on such node, so it's important to run such experiments very carefully, for example on same zone/region with DNS.
--- a/software/rapid-cdn/buildout.hash.cfg
+++ b/software/rapid-cdn/buildout.hash.cfg
@@ -22,11 +22,11 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68

 [profile-frontend]
 filename = instance-frontend.cfg.in
-md5sum = b519b264956ad6ee43615ee535f41e6d
+md5sum = daf89318c2c155132c34b91105c68806

 [profile-master]
 filename = instance-master.cfg.in
-md5sum = b235bcf15d12b477736258b790054c59
+md5sum = b026a6df40f3d1090ceaa3451a9293fe

 [profile-slave-list]
 filename = instance-slave-list.cfg.in
@@ -38,7 +38,7 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181

 [template-frontend-haproxy-configuration]
 _update_hash_filename_ = templates/frontend-haproxy.cfg.in
-md5sum = e73d1b96224cac7d866b0d2e1eecfecb
+md5sum = 4af0e29ac2399aac10de116b4fa3ac25

 [template-frontend-haproxy-crt-list]
 _update_hash_filename_ = templates/frontend-haproxy-crt-list.in

--- a/software/rapid-cdn/instance-frontend.cfg.in
+++ b/software/rapid-cdn/instance-frontend.cfg.in
 {% import "caucase" as caucase with context %}
 {%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] -%}
+{%- if instance_parameter_dict.get('configuration.frontend-haproxy-flavour', 'basic') == 'quic' %}
+{%-   set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_quic_executable'] %}
+{%-   if instance_parameter_dict.get('configuration.frontend-haproxy-quic', 'false').lower() in TRUE_VALUES %}
+{%-     set FRONTEND_HAPROXY_QUIC = True %}
+{%-   else %}
+{%-     set FRONTEND_HAPROXY_QUIC = False %}
+{%-   endif %}
+{%- else %}
+{%-   set FRONTEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_executable'] %}
+{%-   set FRONTEND_HAPROXY_QUIC = False %}
+{%- endif %}
+{%- set BACKEND_HAPROXY_EXECUTABLE = software_parameter_dict['haproxy_executable'] %}
 [buildout]
 extends =
  {{ software_parameter_dict['profile_common'] }}
@@ -472,6 +484,7 @@ slave-introspection-graceful-command = ${slave-introspection-validate:output} &&
 local_ipv4 = {{ dumps(instance_parameter_dict['ipv4-random']) }}
 version-hash = ${version-hash:value}
 node-id = ${frontend-node-id:value}
+quic = {{ FRONTEND_HAPROXY_QUIC }}

 # BBB: SlapOS Master non-zero knowledge BEGIN
 [get-self-signed-fallback-access]
@@ -693,7 +706,7 @@ url = {{ software_parameter_dict['template_validate_script'] }}
 output = ${directory:bin}/frontend-haproxy-validate
 mode = 0700
 last_state_file = ${directory:run}/frontend_haproxy_configuration_last_state
-validate_command = {{ software_parameter_dict['haproxy_executable'] }} -f ${frontend-haproxy-configuration:file} -c
+validate_command = {{ FRONTEND_HAPROXY_EXECUTABLE }} -f ${frontend-haproxy-configuration:file} -c
 extra-context =
    raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find
    key validate_command :validate_command
@@ -706,7 +719,7 @@ url = {{ software_parameter_dict['template_validate_script'] }}
 output = ${directory:bin}/backend-haproxy-validate
 mode = 0700
 last_state_file = ${directory:run}/backend_haproxy_configuration_last_state
-validate_command = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} -c
+validate_command = {{ BACKEND_HAPROXY_EXECUTABLE }} -f ${backend-haproxy-configuration:file} -c
 extra-context =
    raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find
    key validate_command :validate_command
@@ -810,7 +823,7 @@ node-id = ${frontend-node-id:value}

 [frontend-haproxy]
 recipe = slapos.cookbook:wrapper
-command-line = {{ software_parameter_dict['haproxy_executable'] }} -f ${frontend-haproxy-configuration:file}
+command-line = {{ FRONTEND_HAPROXY_EXECUTABLE }} -f ${frontend-haproxy-configuration:file}
 wrapper-path = ${directory:service}/frontend-haproxy
 hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

@@ -828,7 +841,7 @@ extra-context =

 [backend-haproxy]
 recipe = slapos.cookbook:wrapper
-command-line = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file}
+command-line = {{ BACKEND_HAPROXY_EXECUTABLE }} -f ${backend-haproxy-configuration:file}
 wrapper-path = ${directory:service}/backend-haproxy
 hash-existing-files = ${buildout:directory}/software_release/buildout.cfg

@@ -893,7 +906,7 @@ extra-context =
 url = {{ software_parameter_dict['template_validate_script'] }}
 output = ${directory:bin}/backend-haproxy-validate
 last_state_file = ${directory:run}/backend_haproxy_configuration_last_state
-validate_command = {{ software_parameter_dict['haproxy_executable'] }} -f ${backend-haproxy-configuration:file} -c
+validate_command = {{ BACKEND_HAPROXY_EXECUTABLE }} -f ${backend-haproxy-configuration:file} -c
 extra-context =
    raw find_executable {{ software_parameter_dict['findutils'] }}/bin/find
    key validate_command :validate_command

--- a/software/rapid-cdn/instance-master.cfg.in
+++ b/software/rapid-cdn/instance-master.cfg.in
@@ -167,6 +167,10 @@ context =
 {%     do frontend_section_list.append(request_section_title) %}
 {%   endif %}
 {%   do part_list.append(request_section_title) %}
+{%   set frontend_haproxy_flavour_key = "-frontend-%s-experimental-haproxy-flavour" % i %}
+{%   do config_dict.__setitem__('frontend-haproxy-flavour', slapparameter_dict.get(frontend_haproxy_flavour_key) or 'basic') %}
+{%   set frontend_haproxy_quic_key = "-frontend-%s-experimental-haproxy-quic" % i %}
+{%   do config_dict.__setitem__('frontend-haproxy-quic', slapparameter_dict.get(frontend_haproxy_quic_key) or 'False') %}
 # Filling request dict for slave
 {%   set request_content_dict = {
                                  'config': config_dict,

--- a/software/rapid-cdn/software.cfg
+++ b/software/rapid-cdn/software.cfg
@@ -105,6 +105,7 @@ bin_directory = ${buildout:bin-directory}
 nginx = ${nginx-output:nginx}
 nginx_mime = ${nginx-output:mime}
 haproxy_executable = ${haproxy:location}/sbin/haproxy
+haproxy_quic_executable = ${haproxy-quic:location}/sbin/haproxy
 rsyslogd_executable = ${rsyslogd:location}/sbin/rsyslogd
 curl = ${curl:location}
 dash = ${dash:location}

--- a/software/rapid-cdn/templates/frontend-haproxy.cfg.in
+++ b/software/rapid-cdn/templates/frontend-haproxy.cfg.in
+{%- if configuration['quic'] == 'True' %}
+{%-   set QUIC = True %}
+{%- else %}
+{%-   set QUIC = False %}
+{%- endif %}
 global
  pidfile {{ configuration['pid-file'] }}
  # master-worker is compatible with foreground with process management
@@ -74,6 +79,13 @@ frontend http-frontend
 frontend https-frontend
  bind {{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }}
  bind {{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }}
+{%- if QUIC %}
+  bind quic4@{{ configuration['local-ipv4'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
+  bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
+  http-response set-header alt-svc "h3=\":%fp\";ma=900;"
+  {#- Ask Chromium to use QUIC #}
+  http-response set-header alternate-protocol %fp:quic
+{%- endif %}
 {{ frontend_common() }}
 {%- for slave_instance in frontend_slave_list -%}
 {{ frontend_entry(slave_instance, 'https', False) }}

--- a/software/rapid-cdn/test/test.py
+++ b/software/rapid-cdn/test/test.py
@@ -6758,6 +6758,8 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
        'domain': 'example.com',
        'enable-http2-by-default': 'True',
        'extra_slave_instance_list': '[]',
+        'frontend-haproxy-flavour': 'basic',
+        'frontend-haproxy-quic': 'False',
        'frontend-name': 'caddy-frontend-1',
        'kedifa-caucase-url': kedifa_caucase_url,
        'monitor-cors-domains': 'monitor.app.officejs.com',
@@ -6783,6 +6785,8 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
        'domain': 'example.com',
        'enable-http2-by-default': 'True',
        'extra_slave_instance_list': '[]',
+        'frontend-haproxy-flavour': 'basic',
+        'frontend-haproxy-quic': 'False',
        'frontend-name': 'caddy-frontend-2',
        'kedifa-caucase-url': kedifa_caucase_url,
        'monitor-cors-domains': 'monitor.app.officejs.com',
@@ -6808,6 +6812,8 @@ class TestPassedRequestParameter(HttpFrontendTestCase):
        'domain': 'example.com',
        'enable-http2-by-default': 'True',
        'extra_slave_instance_list': '[]',
+        'frontend-haproxy-flavour': 'basic',
+        'frontend-haproxy-quic': 'False',
        'frontend-name': 'caddy-frontend-3',
        'kedifa-caucase-url': kedifa_caucase_url,
        'monitor-cors-domains': 'monitor.app.officejs.com',

--- a/software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00cluster_request_instance_parameter_dict.txt
+++ b/software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultDefaultSlave.test00cluster_request_instance_parameter_dict.txt
@@ -104,6 +104,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00cluster_request_instance_parameter_dict.txt
+++ b/software/rapid-cdn/test/test_data/test.TestEnableHttp2ByDefaultFalseSlave.test00cluster_request_instance_parameter_dict.txt
@@ -106,6 +106,8 @@
      "domain": "example.com",
      "enable-http2-by-default": "false",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_dummy-cached\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_enable-http2-default\"}, {\"enable-http2\": \"false\", \"slave_reference\": \"_enable-http2-false\"}, {\"enable-http2\": \"true\", \"slave_reference\": \"_enable-http2-true\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/rapid-cdn/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00cluster_request_instance_parameter_dict.txt
+++ b/software/rapid-cdn/test/test_data/test.TestMasterAIKCDisabledAIBCCDisabledRequest.test00cluster_request_instance_parameter_dict.txt
@@ -62,6 +62,8 @@
      "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
      "cluster-identification": "testing partition 0",
      "extra_slave_instance_list": "[]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/rapid-cdn/test/test_data/test.TestMasterRequest.test00cluster_request_instance_parameter_dict.txt
+++ b/software/rapid-cdn/test/test_data/test.TestMasterRequest.test00cluster_request_instance_parameter_dict.txt
@@ -60,6 +60,8 @@
      "backend-client-caucase-url": "http://[@@_ipv6_address@@]:8990",
      "cluster-identification": "testing partition 0",
      "extra_slave_instance_list": "[]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/rapid-cdn/test/test_data/test.TestMasterRequestDomain.test00cluster_request_instance_parameter_dict.txt
+++ b/software/rapid-cdn/test/test_data/test.TestMasterRequestDomain.test00cluster_request_instance_parameter_dict.txt
@@ -62,6 +62,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/rapid-cdn/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00cluster_request_instance_parameter_dict.txt
+++ b/software/rapid-cdn/test/test_data/test.TestRe6stVerificationUrlDefaultSlave.test00cluster_request_instance_parameter_dict.txt
@@ -76,6 +76,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/rapid-cdn/test/test_data/test.TestRe6stVerificationUrlSlave.test00cluster_request_instance_parameter_dict.txt
+++ b/software/rapid-cdn/test/test_data/test.TestRe6stVerificationUrlSlave.test00cluster_request_instance_parameter_dict.txt
@@ -76,6 +76,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/rapid-cdn/test/test_data/test.TestReplicateSlave.test00cluster_request_instance_parameter_dict.txt
+++ b/software/rapid-cdn/test/test_data/test.TestReplicateSlave.test00cluster_request_instance_parameter_dict.txt
@@ -80,6 +80,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",
@@ -117,6 +119,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_replicate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-2",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/rapid-cdn/test/test_data/test.TestSlave.test00cluster_request_instance_parameter_dict.txt
+++ b/software/rapid-cdn/test/test_data/test.TestSlave.test00cluster_request_instance_parameter_dict.txt
--- a/software/rapid-cdn/test/test_data/test.TestSlaveCiphers.test00cluster_request_instance_parameter_dict.txt
+++ b/software/rapid-cdn/test/test_data/test.TestSlaveCiphers.test00cluster_request_instance_parameter_dict.txt
@@ -92,6 +92,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_default_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"ciphers\": \"ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256\", \"enable_cache\": true, \"slave_reference\": \"_own_ciphers\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/rapid-cdn/test/test_data/test.TestSlaveHealthCheck.test00cluster_request_instance_parameter_dict.txt
+++ b/software/rapid-cdn/test/test_data/test.TestSlaveHealthCheck.test00cluster_request_instance_parameter_dict.txt
@@ -281,6 +281,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"health-check\": true, \"health-check-http-method\": \"CONNECT\", \"slave_reference\": \"_health-check-connect\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-fall\": \"7\", \"health-check-http-method\": \"POST\", \"health-check-http-path\": \"/POST-path to be encoded\", \"health-check-http-version\": \"HTTP/1.0\", \"health-check-interval\": \"15\", \"health-check-rise\": \"3\", \"health-check-timeout\": \"7\", \"slave_reference\": \"_health-check-custom\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"slave_reference\": \"_health-check-default\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_health-check-disabled\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"health-check\": true, \"health-check-failover-https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=\", \"health-check-http-path\": \"/health-check-failover-url\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-authenticate-to-failover-backend\": true, \"health-check-failover-https-url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-url?a=b&c=\", \"health-check-http-path\": \"/health-check-failover-url-auth-to-backend\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url-auth-to-backend\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-failover-https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=\", \"health-check-failover-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=\", \"health-check-failover-url-netloc-list\": \"@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@\", \"health-check-http-path\": \"/health-check-failover-url\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"https-only\": false, \"https-url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/https-url\", \"slave_reference\": \"_health-check-failover-url-netloc-list\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/url\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-ca-crt\": \"@@test_server_ca.certificate_pem_double@@\", \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verified\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verified\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verify-missing\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verify-missing\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"health-check\": true, \"health-check-failover-ssl-proxy-ca-crt\": \"@@another_server_ca.certificate_pem_double@@\", \"health-check-failover-ssl-proxy-verify\": true, \"health-check-failover-url\": \"https://@@_ipv4_address@@:@@_server_https_port@@/\", \"health-check-http-path\": \"/health-check-failover-url-ssl-proxy-verify-unverified\", \"health-check-interval\": 1, \"health-check-timeout\": 1, \"slave_reference\": \"_health-check-failover-url-ssl-proxy-verify-unverified\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/rapid-cdn/test/test_data/test.TestSlaveHostHaproxyClash.test00cluster_request_instance_parameter_dict.txt
+++ b/software/rapid-cdn/test/test_data/test.TestSlaveHostHaproxyClash.test00cluster_request_instance_parameter_dict.txt
@@ -89,6 +89,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"custom_domain\": \"*.alias1.example.com\", \"slave_reference\": \"_wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/wildcard\"}, {\"custom_domain\": \"zspecific.alias1.example.com\", \"slave_reference\": \"_zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/zspecific\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/rapid-cdn/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test00cluster_request_instance_parameter_dict.txt
+++ b/software/rapid-cdn/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibility.test00cluster_request_instance_parameter_dict.txt
@@ -240,6 +240,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"custom_domain\": \"customdomainsslcrtsslkey.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key\", \"ssl_crt\": \"@@customdomain_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"custom_domain\": \"customdomainsslcrtsslkeysslcacrt.example.com\", \"slave_reference\": \"_custom_domain_ssl_crt_ssl_key_ssl_ca_crt\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@customdomain_ca_certificate_pem_double@@\", \"ssl_key\": \"@@customdomain_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_does_not_match\", \"ssl_ca_crt\": \"@@ca.certificate_pem_double@@\", \"ssl_crt\": \"@@certificate_pem_double@@\", \"ssl_key\": \"@@key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_ca_crt_garbage\", \"ssl_ca_crt\": \"some garbage\", \"ssl_crt\": \"@@sslcacrtgarbage_ca_certificate_pem_double@@\", \"ssl_key\": \"@@sslcacrtgarbage_ca_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_master_kedifa_overrides\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave\", \"ssl_crt\": \"@@ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_master_kedifa_overrides\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}, {\"slave_reference\": \"_type-notebook-ssl_from_slave_kedifa_overrides\", \"ssl_crt\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem_double@@\", \"ssl_key\": \"@@type_notebook_ssl_from_slave_kedifa_overrides_key_pem_double@@\", \"type\": \"notebook\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/rapid-cdn/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test00cluster_request_instance_parameter_dict.txt
+++ b/software/rapid-cdn/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityOverrideMaster.test00cluster_request_instance_parameter_dict.txt
@@ -80,6 +80,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master_kedifa_overrides_master_certificate\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",

--- a/software/rapid-cdn/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test00cluster_request_instance_parameter_dict.txt
+++ b/software/rapid-cdn/test/test_data/test.TestSlaveSlapOSMasterCertificateCompatibilityUpdate.test00cluster_request_instance_parameter_dict.txt
@@ -80,6 +80,8 @@
      "cluster-identification": "testing partition 0",
      "domain": "example.com",
      "extra_slave_instance_list": "[{\"enable_cache\": true, \"slave_reference\": \"_ssl_from_master\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/\"}]",
+      "frontend-haproxy-flavour": "basic",
+      "frontend-haproxy-quic": "False",
      "frontend-name": "caddy-frontend-1",
      "kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
      "master-key-download-url": "https://[@@_ipv6_address@@]:15080/@@master-key-download-url_endpoint@@",