Commit 0925449a authored by Łukasz Nowak's avatar Łukasz Nowak Committed by Łukasz Nowak

caddy-frontend: Deduplicate local host names

custom_domain and server-alias on given slave do not have to clash, and
can be deduplicated during request parameter analysis.

/reviewed-on !444
parent fdbfc49e
...@@ -26,7 +26,7 @@ md5sum = ab1795f92e32655d05c662c965d2b1f5 ...@@ -26,7 +26,7 @@ md5sum = ab1795f92e32655d05c662c965d2b1f5
[template-apache-replicate] [template-apache-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
md5sum = a0110d0ec69875946a16ac3a4b269eb8 md5sum = 44d50bf8391b5a73b2ab72923efe6437
[template-slave-list] [template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in filename = templates/apache-custom-slave-list.cfg.in
...@@ -62,7 +62,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b ...@@ -62,7 +62,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = 9e00b6d981b9f93a486ef06a47345ebd md5sum = 669a93b7e21b99066a84494fec47906b
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
......
...@@ -71,6 +71,7 @@ context = ...@@ -71,6 +71,7 @@ context =
{% set unauthorized_message = 'slave not authorized' %} {% set unauthorized_message = 'slave not authorized' %}
{% for slave in slave_instance_list %} {% for slave in slave_instance_list %}
{% set slave_error_list = [] %} {% set slave_error_list = [] %}
{% set slave_server_alias_unclashed = [] %}
{# BBB: apache_custom_https AND apache_custom_http #} {# BBB: apache_custom_https AND apache_custom_http #}
{% set custom_domain = slave.get('custom_domain') %} {% set custom_domain = slave.get('custom_domain') %}
{% if custom_domain and custom_domain in used_host_list %} {% if custom_domain and custom_domain in used_host_list %}
...@@ -88,13 +89,17 @@ context = ...@@ -88,13 +89,17 @@ context =
{% if not validators.domain(clean_slave_alias) %} {% if not validators.domain(clean_slave_alias) %}
{% do slave_error_list.append('server-alias %r not valid' % (slave_alias,)) %} {% do slave_error_list.append('server-alias %r not valid' % (slave_alias,)) %}
{% else %} {% else %}
{% if slave_alias in used_host_list %} {% if slave_alias in slave_server_alias_unclashed or slave_alias == custom_domain %}
{# optionally do something about reporting back that server-alias has been unclashed #}
{% elif slave_alias in used_host_list %}
{% do slave_error_list.append('server-alias %r clashes' % (slave_alias,)) %} {% do slave_error_list.append('server-alias %r clashes' % (slave_alias,)) %}
{% else %} {% else %}
{% do slave_server_alias_unclashed.append(slave_alias) %}
{% do used_host_list.append(slave_alias) %} {% do used_host_list.append(slave_alias) %}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% do slave.__setitem__('server-alias', ' '.join(slave_server_alias_unclashed)) %}
{% endif %} {% endif %}
{% for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] %} {% for key in ['caddy_custom_http', 'caddy_custom_https', 'apache_custom_http', 'apache_custom_https'] %}
{% if slave.get(key) %} {% if slave.get(key) %}
......
...@@ -12,12 +12,10 @@ ...@@ -12,12 +12,10 @@
{%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %} {%- set disabled_cookie_list = slave_parameter.get('disabled-cookie-list', '').split() %}
{%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES %} {%- set https_only = ('' ~ slave_parameter.get('https-only', '')).lower() in TRUE_VALUES %}
{%- set slave_type = slave_parameter.get('type', '') %} {%- set slave_type = slave_parameter.get('type', '') %}
{%- set host_list = [] %} {%- set host_list = server_alias_list %}
{%- for host in [slave_parameter.get('custom_domain')] + server_alias_list %} {%- if slave_parameter.get('custom_domain') not in host_list %}
{%- if host not in host_list %} {%- do host_list.append(slave_parameter.get('custom_domain')) %}
{%- do host_list.append(host) %} {%- endif %}
{%- endif %}
{%- endfor %}
{%- set backend_url = slave_parameter.get('https-url', slave_parameter.get('url', '')) %} {%- set backend_url = slave_parameter.get('https-url', slave_parameter.get('url', '')) %}
{%- set http_host_list = [] %} {%- set http_host_list = [] %}
{%- set https_host_list = [] %} {%- set https_host_list = [] %}
......
...@@ -589,6 +589,15 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -589,6 +589,15 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
'url': cls.backend_url, 'url': cls.backend_url,
'server-alias': '*.alias1.example.com', 'server-alias': '*.alias1.example.com',
}, },
'server-alias-duplicated': {
'url': cls.backend_url,
'server-alias': 'alias3.example.com alias3.example.com',
},
'server-alias_custom_domain-duplicated': {
'url': cls.backend_url,
'custom_domain': 'alias4.example.com',
'server-alias': 'alias4.example.com alias4.example.com',
},
'ssl-proxy-verify_ssl_proxy_ca_crt': { 'ssl-proxy-verify_ssl_proxy_ca_crt': {
'url': cls.backend_https_url, 'url': cls.backend_https_url,
'ssl-proxy-verify': True, 'ssl-proxy-verify': True,
...@@ -1124,6 +1133,66 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s { ...@@ -1124,6 +1133,66 @@ http://apachecustomhttpsaccepted.example.com:%%(http_port)s {
self.assertEqualResultJson(result, 'Path', '/test-path') self.assertEqualResultJson(result, 'Path', '/test-path')
def test_server_alias_duplicated(self):
parameter_dict = self.slave_connection_parameter_dict_dict[
'server-alias-duplicated']
self.assertLogAccessUrlWithPop(parameter_dict, 'server-alias-duplicated')
self.assertEqual(
{
'domain': 'serveraliasduplicated.example.com',
'replication_number': '1',
'url': 'http://serveraliasduplicated.example.com',
'site_url': 'http://serveraliasduplicated.example.com',
'secure_access': 'https://serveraliasduplicated.example.com',
'public-ipv4': LOCAL_IPV4,
},
parameter_dict
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
open('wildcard.example.com.crt').read(),
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
result = self.fakeHTTPSResult(
'alias3.example.com', parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
open('wildcard.example.com.crt').read(),
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
def test_server_alias_custom_domain_duplicated(self):
parameter_dict = self.slave_connection_parameter_dict_dict[
'server-alias_custom_domain-duplicated']
self.assertLogAccessUrlWithPop(
parameter_dict, 'server-alias_custom_domain-duplicated')
self.assertEqual(
{
'domain': 'alias4.example.com',
'replication_number': '1',
'url': 'http://alias4.example.com',
'site_url': 'http://alias4.example.com',
'secure_access': 'https://alias4.example.com',
'public-ipv4': LOCAL_IPV4,
},
parameter_dict
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
open('wildcard.example.com.crt').read(),
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
@skip('Feature postponed') @skip('Feature postponed')
def test_check_error_log(self): def test_check_error_log(self):
# Caddy: Need to implement similar thing like check-error-on-apache-log # Caddy: Need to implement similar thing like check-error-on-apache-log
...@@ -3450,10 +3519,9 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3450,10 +3519,9 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
'rejected-slave-amount': '3', 'rejected-slave-amount': '3',
'slave-amount': '4', 'slave-amount': '4',
'rejected-slave-dict': 'rejected-slave-dict':
'{"_site_4": ["custom_domain \'duplicate.example.com\' clashes", ' '{"_site_4": ["custom_domain \'duplicate.example.com\' clashes"], '
'"server-alias \'duplicate.example.com\' clashes"], "_site_1": ' '"_site_1": ["custom_domain \'duplicate.example.com\' clashes"], '
'["custom_domain \'duplicate.example.com\' clashes"], "_site_3": ' '"_site_3": ["server-alias \'duplicate.example.com\' clashes"]}'
'["server-alias \'duplicate.example.com\' clashes"]}'
} }
self.assertEqual( self.assertEqual(
...@@ -3505,8 +3573,7 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -3505,8 +3573,7 @@ class TestDuplicateSiteKeyProtection(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqual( self.assertEqual(
{ {
'request-error-list': 'request-error-list':
'["custom_domain \'duplicate.example.com\' clashes", "server-alias ' '["custom_domain \'duplicate.example.com\' clashes"]'
'\'duplicate.example.com\' clashes"]'
}, },
parameter_dict parameter_dict
) )
......
...@@ -39,9 +39,13 @@ TestSlave-1/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log ...@@ -39,9 +39,13 @@ TestSlave-1/var/log/httpd/_prefer-gzip-encoding-to-backend_access_log
TestSlave-1/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log TestSlave-1/var/log/httpd/_prefer-gzip-encoding-to-backend_error_log
TestSlave-1/var/log/httpd/_re6st-optimal-test_access_log TestSlave-1/var/log/httpd/_re6st-optimal-test_access_log
TestSlave-1/var/log/httpd/_re6st-optimal-test_error_log TestSlave-1/var/log/httpd/_re6st-optimal-test_error_log
TestSlave-1/var/log/httpd/_server-alias-duplicated_access_log
TestSlave-1/var/log/httpd/_server-alias-duplicated_error_log
TestSlave-1/var/log/httpd/_server-alias-wildcard_access_log TestSlave-1/var/log/httpd/_server-alias-wildcard_access_log
TestSlave-1/var/log/httpd/_server-alias-wildcard_error_log TestSlave-1/var/log/httpd/_server-alias-wildcard_error_log
TestSlave-1/var/log/httpd/_server-alias_access_log TestSlave-1/var/log/httpd/_server-alias_access_log
TestSlave-1/var/log/httpd/_server-alias_custom_domain-duplicated_access_log
TestSlave-1/var/log/httpd/_server-alias_custom_domain-duplicated_error_log
TestSlave-1/var/log/httpd/_server-alias_error_log TestSlave-1/var/log/httpd/_server-alias_error_log
TestSlave-1/var/log/httpd/_ssl-proxy-verify-unverified_access_log TestSlave-1/var/log/httpd/_ssl-proxy-verify-unverified_access_log
TestSlave-1/var/log/httpd/_ssl-proxy-verify-unverified_error_log TestSlave-1/var/log/httpd/_ssl-proxy-verify-unverified_error_log
......
...@@ -39,10 +39,14 @@ TestSlave-1/etc/monitor-promise/check-_prefer-gzip-encoding-to-backend-error-log ...@@ -39,10 +39,14 @@ TestSlave-1/etc/monitor-promise/check-_prefer-gzip-encoding-to-backend-error-log
TestSlave-1/etc/monitor-promise/check-_re6st-optimal-test-error-log-last-day TestSlave-1/etc/monitor-promise/check-_re6st-optimal-test-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_re6st-optimal-test-error-log-last-hour TestSlave-1/etc/monitor-promise/check-_re6st-optimal-test-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_re6st-optimal-test-re6st-optimal-test TestSlave-1/etc/monitor-promise/check-_re6st-optimal-test-re6st-optimal-test
TestSlave-1/etc/monitor-promise/check-_server-alias-duplicated-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_server-alias-duplicated-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_server-alias-error-log-last-day TestSlave-1/etc/monitor-promise/check-_server-alias-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_server-alias-error-log-last-hour TestSlave-1/etc/monitor-promise/check-_server-alias-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_server-alias-wildcard-error-log-last-day TestSlave-1/etc/monitor-promise/check-_server-alias-wildcard-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_server-alias-wildcard-error-log-last-hour TestSlave-1/etc/monitor-promise/check-_server-alias-wildcard-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_server-alias_custom_domain-duplicated-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_server-alias_custom_domain-duplicated-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify-unverified-error-log-last-day TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify-unverified-error-log-last-day
TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify-unverified-error-log-last-hour TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify-unverified-error-log-last-hour
TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day TestSlave-1/etc/monitor-promise/check-_ssl-proxy-verify_ssl_proxy_ca_crt-error-log-last-day
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment