Commit f7a525ea authored by Łukasz Nowak's avatar Łukasz Nowak Committed by Łukasz Nowak

caddy-frontend: Implement backend with own CA verification

parent 8a999d74
......@@ -13,7 +13,6 @@ Generally things to be done with ``caddy-frontend``:
* ``type:eventsource``:
* **Jérome Perrin**: *For event source, if I understand https://github.com/mholt/caddy/issues/1355 correctly, we could use caddy as a proxy in front of nginx-push-stream . If we have a "central shared" caddy instance, can it handle keeping connections opens for many clients ?*
* ``ssl_proxy_ca_crt`` for ``ssl_proxy_verify``, this is related to bug `#1550 <https://github.com/mholt/caddy/issues/1550>`_, proposed solution `just adding your CA to the system's trust store`
* ``check-error-on-caddy-log`` like ``check-error-on-apache-log``
* cover test suite like resilient tests for KVM and prove it works the same way as Caddy
* have ``caddy-frontend`` specific parameters, with backward compatibility to ``apache-frontend`` ones:
......
......@@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend]
filename = instance-apache-frontend.cfg.in
md5sum = 395ea5b3389e26a57dad0f91cd458630
md5sum = f9d0e64b4aae205c7bb941f5c1c27876
[template-apache-replicate]
filename = instance-apache-replicate.cfg.in
......@@ -62,11 +62,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in
md5sum = 73bc8abae6aadc3ce55662c3d821b363
md5sum = b7879a40ed7f8a49b764c82e7283811f
[template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in
md5sum = 7cbcadc295860821ac9d3aaa3cca72c5
md5sum = c64f8ac7ec439460877ce5a5c5ccf1f7
[template-log-access]
filename = templates/template-log-access.conf.in
......
......@@ -537,7 +537,7 @@ mode = 700
template = {{ parameter_dict['template_graceful_script'] }}
rendered = ${directory:etc-run}/frontend-caddy-safe-graceful
mode = 0700
path_list = ${caddy-configuration:frontend-configuration} ${frontend-configuration:log-access-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:slave-with-cache-configuration}/*.conf ${caddy-directory:vh-ssl}/*.key ${caddy-directory:vh-ssl}/*.crt
path_list = ${caddy-configuration:frontend-configuration} ${frontend-configuration:log-access-configuration} ${caddy-directory:slave-configuration}/*.conf ${caddy-directory:slave-with-cache-configuration}/*.conf ${caddy-directory:vh-ssl}/*.key ${caddy-directory:vh-ssl}/*.crt ${caddy-directory:vh-ssl}/*.proxy_ca_crt
sha256sum = {{ parameter_dict['sha256sum'] }}
signature_file = ${directory:run}/caddy_graceful_signature
extra-context =
......
......@@ -131,12 +131,12 @@
},
"ssl-proxy-verify": {
"default": "false",
"description": "[NOT Implemented] If set to true, Backend SSL Certificates will be checked and frontend will refuse to proxy if certificate is invalid",
"description": "If set to true, Backend SSL Certificates will be checked and frontend will refuse to proxy if certificate is invalid",
"enum": [
"false",
"true"
],
"title": "[NOT Implemented] Verify Backend Certificates",
"title": "Verify Backend Certificates",
"type": "string"
},
"ssl_ca_crt": {
......@@ -162,8 +162,8 @@
},
"ssl_proxy_ca_crt": {
"default": "",
"description": "[NOT Implemented] Content of the SSL Certificate Authority file of the backend (to be used with ssl-proxy-verify)",
"title": "[NOT Implemented] SSL Backend Authority's Certificate",
"description": "Content of the SSL Certificate Authority file of the backend (to be used with ssl-proxy-verify)",
"title": "SSL Backend Authority's Certificate",
"type": "string"
},
"type": {
......
......@@ -19,9 +19,6 @@
bind {{ slave_parameter['local_ipv4'] }}
# Compress the output
gzip
{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
status 501 /
{%- endif %}
# Rewrite part
proxy / {{ slave_parameter.get('backend_url', '') }} {
# As backend is trusting REMOTE_USER header unset it always
......@@ -30,7 +27,8 @@
transparent
timeout 600s
{%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
{%- endif %}
{%- else %}
insecure_skip_verify
......@@ -43,16 +41,14 @@
bind {{ slave_parameter['local_ipv4'] }}
# Compress the output
gzip
{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
status 501 /
{%- endif %}
proxy / {{ slave_parameter.get('https_backend_url', '') }} {
# As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER
transparent
timeout 600s
{%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
{%- endif %}
{%- else %}
insecure_skip_verify
......
......@@ -30,9 +30,6 @@
bind {{ slave_parameter['local_ipv4'] }}
# Compress the output
gzip
{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
status 501 /
{%- endif %} {#- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter #}
tls {{ slave_parameter.get('path_to_ssl_crt', slave_parameter.get('login_certificate')) }} {{ slave_parameter.get('path_to_ssl_key', slave_parameter.get('login_key')) }} {
{%- if enable_h2 %}
# Allow HTTP2
......@@ -79,8 +76,9 @@
transparent
timeout 600s
{%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %}
{%- endif %} {#- if 'ssl_proxy_ca_crt' in slave_parameter #}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
{%- endif %} {#- if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
{%- else %} {#- if ssl_proxy_verify #}
insecure_skip_verify
{%- endif %} {#- if ssl_proxy_verify #}
......@@ -136,8 +134,9 @@
transparent
timeout 600s
{%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %}
{%- endif %} {#- if 'ssl_proxy_ca_crt' in slave_parameter #}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
{%- endif %} {#- if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
{%- else %} {#- if ssl_proxy_verify #}
insecure_skip_verify
{%- endif %} {#- if ssl_proxy_verify #}
......@@ -152,9 +151,6 @@
bind {{ slave_parameter['local_ipv4'] }}
# Compress the output
gzip
{%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
status 501 /
{%- endif %} {#- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter #}
log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
errors {{ slave_parameter.get('error_log') }}
......@@ -201,8 +197,9 @@
transparent
timeout 600s
{%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %}
{%- endif %} {#- if 'ssl_proxy_ca_crt' in slave_parameter #}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
{%- endif %} {#- if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
{%- else %} {#- if ssl_proxy_verify #}
insecure_skip_verify
{%- endif %} {#- if ssl_proxy_verify #}
......@@ -252,8 +249,9 @@
transparent
timeout 600s
{%- if ssl_proxy_verify %}
{%- if 'ssl_proxy_ca_crt' in slave_parameter %}
{%- endif %} {#- if 'ssl_proxy_ca_crt' in slave_parameter #}
{%- if 'path_to_ssl_proxy_ca_crt' in slave_parameter %}
ca_certificates {{ slave_parameter['path_to_ssl_proxy_ca_crt'] }}
{%- endif %} {#- if 'path_to_ssl_proxy_ca_crt' in slave_parameter #}
{%- else %} {#- if ssl_proxy_verify #}
insecure_skip_verify
{%- endif %} {#- if ssl_proxy_verify #}
......
......@@ -40,6 +40,7 @@ from BaseHTTPServer import BaseHTTPRequestHandler
from forcediphttpsadapter.adapters import ForcedIPHTTPSAdapter
import time
import tempfile
import ipaddress
from utils import SlapOSInstanceTestCase
from utils import findFreeTCPPort
......@@ -118,11 +119,24 @@ def createSelfSignedCertificate(name_list):
return key, key_pem, certificate, certificate_pem
def createCSR(common_name):
def createCSR(common_name, ip=None):
key, key_pem = createKey()
subject_alternative_name_list = []
if ip is not None:
subject_alternative_name_list.append(
x509.IPAddress(ipaddress.ip_address(unicode(ip)))
)
csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
x509.NameAttribute(NameOID.COMMON_NAME, unicode(common_name)),
])).sign(key, hashes.SHA256(), default_backend())
]))
if len(subject_alternative_name_list):
csr = csr.add_extension(
x509.SubjectAlternativeName(subject_alternative_name_list),
critical=False
)
csr = csr.sign(key, hashes.SHA256(), default_backend())
csr_pem = csr.public_bytes(serialization.Encoding.PEM)
return key, key_pem, csr, csr_pem
......@@ -157,6 +171,7 @@ class CertificateAuthority(object):
def signCSR(self, csr):
builder = x509.CertificateBuilder(
subject_name=csr.subject,
extensions=csr.extensions,
issuer_name=self.certificate.subject,
not_valid_before=datetime.datetime.utcnow() - datetime.timedelta(days=1),
not_valid_after=datetime.datetime.utcnow() + datetime.timedelta(days=30),
......@@ -465,9 +480,10 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
(LOCAL_IPV4, findFreeTCPPort(LOCAL_IPV4)),
TestHandler)
cls.another_server_ca = CertificateAuthority("Another Server Root CA")
cls.test_server_ca = CertificateAuthority("Test Server Root CA")
key, key_pem, csr, csr_pem = createCSR(
"testserver.example.com")
"testserver.example.com", LOCAL_IPV4)
_, cls.test_server_certificate_pem = cls.test_server_ca.signCSR(csr)
cls.test_server_certificate_file = tempfile.NamedTemporaryFile(
......@@ -759,6 +775,11 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'ssl-proxy-verify': True,
'ssl_proxy_ca_crt': cls.test_server_ca.certificate_pem,
},
'ssl-proxy-verify_ssl_proxy_ca_crt-unverified': {
'url': cls.backend_https_url,
'ssl-proxy-verify': True,
'ssl_proxy_ca_crt': cls.another_server_ca.certificate_pem,
},
'ssl-proxy-verify-unverified': {
'url': cls.backend_https_url,
'ssl-proxy-verify': True,
......@@ -814,6 +835,12 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'ssl-proxy-verify': True,
'ssl_proxy_ca_crt': cls.test_server_ca.certificate_pem,
},
'type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified': {
'url': cls.backend_https_url,
'type': 'zope',
'ssl-proxy-verify': True,
'ssl_proxy_ca_crt': cls.another_server_ca.certificate_pem,
},
'type-zope-ssl-proxy-verify-unverified': {
'url': cls.backend_https_url,
'type': 'zope',
......@@ -880,6 +907,12 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'ssl_proxy_ca_crt': cls.test_server_ca.certificate_pem,
'ssl-proxy-verify': True,
},
'enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified': {
'url': cls.backend_https_url,
'enable_cache': True,
'ssl_proxy_ca_crt': cls.another_server_ca.certificate_pem,
'ssl-proxy-verify': True,
},
'enable-http2-default': {
'url': cls.backend_url,
},
......@@ -953,9 +986,9 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
expected_parameter_dict = {
'monitor-base-url': None,
'domain': 'example.com',
'accepted-slave-amount': '40',
'accepted-slave-amount': '43',
'rejected-slave-amount': '4',
'slave-amount': '44',
'slave-amount': '47',
'rejected-slave-dict': {
"_apache_custom_http_s-rejected": ["slave not authorized"],
"_caddy_custom_http_s": ["slave not authorized"],
......@@ -1769,6 +1802,45 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
result.headers['Location']
)
def test_ssl_proxy_verify_ssl_proxy_ca_crt_unverified(self):
parameter_dict = self.parseSlaveParameterDict(
'ssl-proxy-verify_ssl_proxy_ca_crt-unverified')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertEqual(
{
'domain': 'sslproxyverifysslproxycacrtunverified.example.com',
'replication_number': '1',
'url': 'http://sslproxyverifysslproxycacrtunverified.example.com',
'site_url':
'http://sslproxyverifysslproxycacrtunverified.example.com',
'secure_access':
'https://sslproxyverifysslproxycacrtunverified.example.com',
'public-ipv4': LOCAL_IPV4,
},
parameter_dict
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqual(
httplib.BAD_GATEWAY,
result.status_code
)
result_http = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
httplib.BAD_GATEWAY,
result_http.status_code
)
def test_ssl_proxy_verify_ssl_proxy_ca_crt(self):
parameter_dict = self.parseSlaveParameterDict(
'ssl-proxy-verify_ssl_proxy_ca_crt')
......@@ -1793,17 +1865,42 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
try:
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys())
self.assertEqual(
httplib.NOT_IMPLEMENTED,
result.status_code
'gzip',
result.headers['Content-Encoding']
)
self.assertEqual(
'secured=value;secure, nonsecured=value',
result.headers['Set-Cookie']
)
result_http = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqualResultJson(result_http, 'Path', '/test-path')
try:
j = result_http.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys())
self.assertEqual(
httplib.NOT_IMPLEMENTED,
result_http.status_code
'gzip',
result_http.headers['Content-Encoding']
)
self.assertEqual(
'secured=value;secure, nonsecured=value',
result_http.headers['Set-Cookie']
)
def test_ssl_proxy_verify_unverified(self):
......@@ -1835,6 +1932,47 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
result.status_code
)
def test_enable_cache_ssl_proxy_verify_ssl_proxy_ca_crt_unverified(self):
parameter_dict = self.parseSlaveParameterDict(
'enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertEqual(
{
'domain':
'enablecachesslproxyverifysslproxycacrtunverified.example.com',
'replication_number': '1',
'url':
'http://enablecachesslproxyverifysslproxycacrtunverified.example.com',
'site_url':
'http://enablecachesslproxyverifysslproxycacrtunverified.example.com',
'secure_access':
'https://enablecachesslproxyverifysslproxycacrtunverified.example.com',
'public-ipv4': LOCAL_IPV4,
},
parameter_dict
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqual(
httplib.BAD_GATEWAY,
result.status_code
)
result_http = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
httplib.BAD_GATEWAY,
result_http.status_code
)
def test_enable_cache_ssl_proxy_verify_ssl_proxy_ca_crt(self):
parameter_dict = self.parseSlaveParameterDict(
'enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt')
......@@ -1861,17 +1999,72 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
headers = result.headers.copy()
self.assertKeyWithPop('Via', headers)
self.assertKeyWithPop('Server', headers)
self.assertKeyWithPop('Date', headers)
self.assertKeyWithPop('Age', headers)
# drop keys appearing randomly in headers
headers.pop('Transfer-Encoding', None)
headers.pop('Content-Length', None)
headers.pop('Connection', None)
headers.pop('Keep-Alive', None)
self.assertEqual(
httplib.NOT_IMPLEMENTED,
result.status_code
{'Content-type': 'application/json',
'Set-Cookie': 'secured=value;secure, nonsecured=value',
'Content-Encoding': 'gzip', 'Vary': 'Accept-Encoding'},
headers
)
result_http = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
result_direct = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
port=26011)
self.assertEqualResultJson(result_direct, 'Path', '/test-path')
try:
j = result_direct.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result_direct.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys())
self.assertEqual(
httplib.NOT_IMPLEMENTED,
result_http.status_code
'gzip',
result_direct.headers['Content-Encoding']
)
self.assertEqual(
'secured=value;secure, nonsecured=value',
result_direct.headers['Set-Cookie']
)
result_direct_https_backend = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path',
port=26012)
self.assertEqualResultJson(
result_direct_https_backend, 'Path', '/test-path')
try:
j = result_direct_https_backend.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (
result_direct_https_backend.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys())
self.assertEqual(
'gzip',
result_direct_https_backend.headers['Content-Encoding']
)
self.assertEqual(
'secured=value;secure, nonsecured=value',
result_direct_https_backend.headers['Set-Cookie']
)
def test_enable_cache_ssl_proxy_verify_unverified(self):
......@@ -1904,6 +2097,46 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
result.status_code
)
def test_type_zope_ssl_proxy_verify_ssl_proxy_ca_crt_unverified(self):
parameter_dict = self.parseSlaveParameterDict(
'type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertEqual(
{
'domain': 'typezopesslproxyverifysslproxycacrtunverified.example.com',
'replication_number': '1',
'url':
'http://typezopesslproxyverifysslproxycacrtunverified.example.com',
'site_url':
'http://typezopesslproxyverifysslproxycacrtunverified.example.com',
'secure_access':
'https://typezopesslproxyverifysslproxycacrtunverified.example.com',
'public-ipv4': LOCAL_IPV4,
},
parameter_dict
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqual(
httplib.BAD_GATEWAY,
result.status_code
)
result_http = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
httplib.BAD_GATEWAY,
result_http.status_code
)
def test_type_zope_ssl_proxy_verify_ssl_proxy_ca_crt(self):
parameter_dict = self.parseSlaveParameterDict(
'type-zope-ssl-proxy-verify_ssl_proxy_ca_crt')
......@@ -1929,17 +2162,29 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.certificate_pem,
der2pem(result.peercert))
self.assertEqual(
httplib.NOT_IMPLEMENTED,
result.status_code
try:
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys())
self.assertEqualResultJson(
result,
'Path',
'/VirtualHostBase/https//'
'typezopesslproxyverifysslproxycacrt.example.com:443/'
'/VirtualHostRoot/test-path'
)
result_http = self.fakeHTTPResult(
result = self.fakeHTTPResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
httplib.NOT_IMPLEMENTED,
result_http.status_code
self.assertEqualResultJson(
result,
'Path',
'/VirtualHostBase/http//'
'typezopesslproxyverifysslproxycacrt.example.com:80/'
'/VirtualHostRoot/test-path'
)
def test_type_zope_ssl_proxy_verify_unverified(self):
......
......@@ -27,6 +27,8 @@ TestSlave-1/var/log/httpd/_enable_cache-disable-via-header_access_log
TestSlave-1/var/log/httpd/_enable_cache-disable-via-header_error_log
TestSlave-1/var/log/httpd/_enable_cache-ssl-proxy-verify-unverified_access_log
TestSlave-1/var/log/httpd/_enable_cache-ssl-proxy-verify-unverified_error_log
TestSlave-1/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
TestSlave-1/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
TestSlave-1/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
TestSlave-1/var/log/httpd/_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
TestSlave-1/var/log/httpd/_enable_cache_access_log
......@@ -51,6 +53,8 @@ TestSlave-1/var/log/httpd/_server-alias_custom_domain-duplicated_error_log
TestSlave-1/var/log/httpd/_server-alias_error_log
TestSlave-1/var/log/httpd/_ssl-proxy-verify-unverified_access_log
TestSlave-1/var/log/httpd/_ssl-proxy-verify-unverified_error_log
TestSlave-1/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
TestSlave-1/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
TestSlave-1/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_access_log
TestSlave-1/var/log/httpd/_ssl-proxy-verify_ssl_proxy_ca_crt_error_log
TestSlave-1/var/log/httpd/_ssl_ca_crt_does_not_match_access_log
......@@ -67,6 +71,8 @@ TestSlave-1/var/log/httpd/_type-zope-path_access_log
TestSlave-1/var/log/httpd/_type-zope-path_error_log
TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_access_log
TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify-unverified_error_log
TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_access_log
TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified_error_log
TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt_access_log
TestSlave-1/var/log/httpd/_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt_error_log
TestSlave-1/var/log/httpd/_type-zope-virtualhostroot-http-port_access_log
......
......@@ -28,6 +28,8 @@ TestSlave-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify-unverified-
TestSlave-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify-unverified-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_enable_cache-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_https-only-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_https-only-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_monitor-ipv4-test-error-log-last-day
......@@ -53,6 +55,8 @@ TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify-unverified-error-log-las
TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify-unverified-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_ssl_ca_crt_does_not_match-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_ssl_ca_crt_does_not_match-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_ssl_ca_crt_garbage-error-log-last-day
......@@ -73,6 +77,8 @@ TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify-unverified-err
TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify-unverified-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_type-zope-ssl-proxy-verify_ssl_proxy_ca_crt-unverified-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_type-zope-virtualhostroot-http-port-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_type-zope-virtualhostroot-http-port-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_type-zope-virtualhostroot-https-port-error-log-last-day
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment