-
Jérome Perrin authored
Two big differences of haproxy are that haproxy does not use separate files for certificates and that the time in logs are in milliseconds, whereas with httpd it was microseconds. For certificates, when using caucase to generate haproxy's own server certificate we specify the same file as cert and key as caucase supports this and instead of maintaining directories of CA and CRL for client certificates (used by shared frontend), we build PEM files containing all CA certificates and all CRL together. For the logs, we use a new version of apachedex which supports `%{ms}T` for durations. Tests have been modified a bit, because haproxy uses HTTP/2.0 and not 1.1 like httpd was doing several haproxy features (keep alive and gzip compression) are only available when backend uses HTTP/1.1, so we adjusted tests to use a 1.1 backend. There was also differences with logs, because of the time being in milliseconds. TestPublishedURLIsReachableMixin._checkERP5IsReachable was also updated, it was working by chance because when accessed behind httpd->haproxy->zope, zope was producing a redirect URL that was the URL of haproxy, which could be resolved by chance. This test was updated to access zope with a path that contains VirtualHostMonster magic, as the shared frontend ( with "zope" software type) is supposed to set. This should hopefuly solve the "502 Proxy Error" that we are observing with httpd.
086280d6