Commit 0b606475 authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Stabilise cached access

While reading templates/cached-virtualhost.conf.in it seems, that
SSL-enabled host shall be exposed, but this is not true -- it is
connecting to SSL backend, but listening on non-SSL.

In order to stabilise this, add assertions to test_enable_cache
which access the cached ports directly and show its functionality, thus
resolving the added TODO.
parent a097f33f
Generally things to be done with ``caddy-frontend``: Generally things to be done with ``caddy-frontend``:
* **CRITICAL** fix templates/cached-virtualhost.conf.in SSL-enabled hosts with proper test
* ``apache-ca-certificate`` shall be merged with ``apache-certificate`` * ``apache-ca-certificate`` shall be merged with ``apache-certificate``
* (new) ``type:websocket`` slave * (new) ``type:websocket`` slave
* ``type:eventsource`` https://lab.nexedi.com/nexedi/slapos/merge_requests/312#note_58483 * ``type:eventsource`` https://lab.nexedi.com/nexedi/slapos/merge_requests/312#note_58483
......
...@@ -54,7 +54,7 @@ md5sum = 9568465d1c1423343f7b043c8345f917 ...@@ -54,7 +54,7 @@ md5sum = 9568465d1c1423343f7b043c8345f917
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
md5sum = eafc7e73d7fe47ba9930343bcb876d63 md5sum = 811b4fca0668b84655372687f234ee81
[template-log-access] [template-log-access]
filename = templates/template-log-access.conf.in filename = templates/template-log-access.conf.in
......
...@@ -2,15 +2,15 @@ ...@@ -2,15 +2,15 @@
{% set server_alias_list = slave_parameter.get('server-alias', '').split() %} {% set server_alias_list = slave_parameter.get('server-alias', '').split() %}
{% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%} {% set ssl_proxy_verify = ('' ~ slave_parameter.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES -%}
{%- set host_list = [slave_parameter.get('custom_domain')] + server_alias_list -%} {%- set host_list = [slave_parameter.get('custom_domain')] + server_alias_list -%}
{%- set http_host_list = [] %} {%- set http_backend_host_list = [] %}
{%- set https_host_list = [] %} {%- set https_backend_host_list = [] %}
{%- for host in host_list %} {%- for host in host_list %}
{%- do http_host_list.append('http://%s:%s' % (host, cached_port)) %} {%- do http_backend_host_list.append('http://%s:%s' % (host, cached_port)) %}
{%- do https_host_list.append('http://%s:%s' % (host, ssl_cached_port)) %} {%- do https_backend_host_list.append('http://%s:%s' % (host, ssl_cached_port)) %}
{%- endfor %} {%- endfor %}
# Only accept generic (i.e not Zope) backends on http # Only accept generic (i.e not Zope) backends on http
{{ http_host_list|join(', ') }} { {{ http_backend_host_list|join(', ') }} {
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %} {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
status 501 / status 501 /
...@@ -33,12 +33,11 @@ ...@@ -33,12 +33,11 @@
} }
} }
{{ https_host_list|join(', ') }} { {{ https_backend_host_list|join(', ') }} {
bind {{ local_ipv4 }} bind {{ local_ipv4 }}
{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %} {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
status 501 / status 501 /
{%- endif %} {%- endif %}
## tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }}
proxy / {{ slave_parameter.get('https_backend_url', '') }} { proxy / {{ slave_parameter.get('https_backend_url', '') }} {
# As backend is trusting REMOTE_USER header unset it always # As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER header_upstream -REMOTE_USER
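Review bot: Nothing in the `https_backend_host_list` block says that the listener itself is plain HTTP: its entries are built as `'http://%s:%s' % (host, ssl_cached_port)`, and with the commented-out `## tls` line removed only the upstream `https_backend_url` hints at HTTPS. The comment above the first block (`# Only accept generic (i.e not Zope) backends on http`) does not cover this one, so I would add `# Listens on plain HTTP on ssl_cached_port; TLS is used only towards https_backend_url` above it. The only exposure control visible here is `bind {{ local_ipv4 }}`, so the comment could also state that the port is meant to be reachable only by the frontend itself; that is inferred from the bind line and should be confirmed. The block continues past the end of the hunk.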
......
...@@ -1727,6 +1727,42 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -1727,6 +1727,42 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
'Set-Cookie': 'secured=value;secure, nonsecured=value'} 'Set-Cookie': 'secured=value;secure, nonsecured=value'}
) )
result_direct = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
port=26011)
self.assertEqualResultJson(result_direct, 'Path', '/test-path')
try:
j = result_direct.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result_direct.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys())
self.assertEqual(
result_direct.headers['Set-Cookie'],
'secured=value;secure, nonsecured=value'
)
result_direct_https_backend = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
port=26012)
self.assertEqualResultJson(
result_direct_https_backend, 'Path', '/test-path')
try:
j = result_direct_https_backend.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (
result_direct_https_backend.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys())
self.assertEqual(
result_direct_https_backend.headers['Set-Cookie'],
'secured=value;secure, nonsecured=value'
)
def test_enable_cache_disable_no_cache_request(self): def test_enable_cache_disable_no_cache_request(self):
parameter_dict = self.slave_connection_parameter_dict_dict[ parameter_dict = self.slave_connection_parameter_dict_dict[
'enable_cache-disable-no-cache-request'] 'enable_cache-disable-no-cache-request']
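Review bot: The two added `self.assertFalse('remote_user' in j['Incoming Headers'].keys())` checks can pass without proving that the cached ports strip REMOTE_USER: they match one exact lower-case key, and the hunk does not show whether `fakeHTTPResult` sends that header at all. I would compare case-insensitively, `self.assertNotIn('remote_user', [k.lower() for k in j['Incoming Headers']])`, and make sure the request carries a REMOTE_USER header so the check has something to remove. The blocks for ports 26011 and 26012 are otherwise identical and could share one loop over the two ports, and `except Exception` around `.json()` could be narrowed to `ValueError`. test_enable_cache starts above the hunk, so the earlier part of the test is not visible here.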
......