Merge remote-tracking branch 'origin/master' into goodbye-openssl-1.0.x

.editorconfig

 root = true
 
-[*.{cfg,in,md,json}]
+[*.{cfg,in,md,json,py}]
 end_of_line = lf
 charset = utf-8
 insert_final_newline = true
+trim_trailing_whitespace = true
 
-[**.json]
+[*.{json,py}]
 indent_style = space
 indent_size = 2
 

component/apache/buildout.cfg

@@ -7,7 +7,7 @@ extends =
   ../nghttp2/buildout.cfg
   ../gdbm/buildout.cfg
   ../libexpat/buildout.cfg
-  ../libuuid/buildout.cfg
+  ../util-linux/buildout.cfg
   ../libxml2/buildout.cfg
   ../openssl/buildout.cfg
   ../patch/buildout.cfg

component/firefox/buildout.cfg

@@ -148,7 +148,7 @@ library =
   ${libpng:location}/lib
   ${libSM:location}/lib
   ${libtool:location}/lib
-  ${libuuid:location}/lib
+  ${util-linux:location}/lib
   ${libX11:location}/lib
   ${libXau:location}/lib
   ${libxcb:location}/lib

component/libsecret/buildout.cfg

@@ -6,7 +6,7 @@ extends =
   ../pkgconfig/buildout.cfg
   ../glib/buildout.cfg
   ../gettext/buildout.cfg
-  ../libuuid/buildout.cfg
+  ../util-linux/buildout.cfg
   ../xz-utils/buildout.cfg
 
 

component/libuuid/buildout.cfg

-[buildout]
-parts =
-  libuuid
-
-extends =
-  ../perl/buildout.cfg
-
-[libuuid]
-recipe = slapos.recipe.cmmi
-shared = true
-url = http://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-2.37.2.tar.xz
-md5sum = d659bf7cd417d93dc609872f6334b019
-configure-options =
-  --disable-static
-  --disable-all-programs
-  --enable-libuuid
-  --without-libiconv-prefix
-  --without-libintl-prefix
-  --without-ncurses
-  --without-slang
-  --without-pam
-  --without-selinux
-  --without-audit
-
-environment =
-  PATH=${perl:location}/bin:%(PATH)s

component/pcre/buildout.cfg

@@ -7,7 +7,7 @@ parts =
 [pcre]
 recipe = slapos.recipe.cmmi
 shared = true
-url = https://ftp.pcre.org/pub/pcre/pcre-8.45.tar.bz2
+url = https://download.sourceforge.net/pcre/pcre/8.45/pcre-8.45.tar.bz2
 md5sum = 4452288e6a0eefb2ab11d36010a1eebb
 configure-options =
   --disable-static

component/qemu-kvm/buildout.cfg

@@ -8,7 +8,7 @@ extends =
   ../libcap-ng/buildout.cfg
   ../libpng/buildout.cfg
   ../liburing/buildout.cfg
-  ../libuuid/buildout.cfg
+  ../util-linux/buildout.cfg
   ../meson/buildout.cfg
   ../ncurses/buildout.cfg
   ../ninja/buildout.cfg

component/quic_client-bin/buildout.cfg

@@ -11,7 +11,7 @@ extends =
   ../pcre/buildout.cfg
   ../libffi/buildout.cfg
   ../zlib/buildout.cfg
-  ../libuuid/buildout.cfg
+  ../util-linux/buildout.cfg
 # compilation
   ../git/buildout.cfg
 

component/rsyslogd/buildout.cfg

@@ -5,7 +5,7 @@ extends =
   ../curl/buildout.cfg
   ../libestr/buildout.cfg
   ../libfastjson/buildout.cfg
-  ../libuuid/buildout.cfg
+  ../util-linux/buildout.cfg
   ../zlib/buildout.cfg
 
 [rsyslogd]

component/serf/buildout.cfg

@@ -3,7 +3,7 @@ parts =
   serf
 extends =
   ../apache/buildout.cfg
-  ../libuuid/buildout.cfg
+  ../util-linux/buildout.cfg
   ../openssl/buildout.cfg
   ../zlib/buildout.cfg
 

component/subversion/buildout.cfg

@@ -5,7 +5,7 @@
 extends =
   ../apache/buildout.cfg
   ../libexpat/buildout.cfg
-  ../libuuid/buildout.cfg
+  ../util-linux/buildout.cfg
   ../openssl/buildout.cfg
   ../patch/buildout.cfg
   ../perl/buildout.cfg

component/trafficserver/buildout.cfg

@@ -45,6 +45,7 @@ patch-options = -p1
 # (see https://github.com/apache/trafficserver/issues/8539 for the detail)
 patches =
   ${:_profile_base_location_}/trafficserver-9.1.1-TSHttpTxnCacheLookupStatusGet-fix.patch#d8ed3db3a48e97eb72aaaf7d7598a2d2
+  ${:_profile_base_location_}/trafficserver-9.1.1-via-string-rapid-cdn.patch#8c39243d7525222385d5964485734f99
 environment =
   PATH=${libtool:location}/bin:${make:location}/bin:${patch:location}/bin:${perl:location}/bin:${pkgconfig:location}/bin:%(PATH)s
   LDFLAGS =-L${openssl:location}/lib -Wl,-rpath=${openssl:location}/lib -L${tcl:location}/lib -Wl,-rpath=${tcl:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${luajit:location}/lib  -lm

component/trafficserver/trafficserver-9.1.1-via-string-rapid-cdn.patch

+diff -ur trafficserver-9.1.1.orig/proxy/http/HttpTransactHeaders.cc trafficserver-9.1.1/proxy/http/HttpTransactHeaders.cc
+--- trafficserver-9.1.1.orig/proxy/http/HttpTransactHeaders.cc	2022-02-09 12:21:56.591350540 +0100
++++ trafficserver-9.1.1/proxy/http/HttpTransactHeaders.cc	2022-03-07 13:02:31.503849619 +0100
+@@ -758,15 +758,6 @@
+     write_hdr_protocol_stack(via_string, via_limit - via_string, ProtocolStackDetail::Standard, proto_buf.data(), n_proto);
+   *via_string++ = ' ';
+ 
+-  via_string += nstrcpy(via_string, s->http_config_param->proxy_hostname);
+-
+-  *via_string++ = '[';
+-  memcpy(via_string, Machine::instance()->uuid.getString(), TS_UUID_STRING_LEN);
+-  via_string += TS_UUID_STRING_LEN;
+-  *via_string++ = ']';
+-  *via_string++ = ' ';
+-  *via_string++ = '(';
+-
+   memcpy(via_string, s->http_config_param->proxy_request_via_string, s->http_config_param->proxy_request_via_string_len);
+   via_string += s->http_config_param->proxy_request_via_string_len;
+ 
+@@ -793,7 +784,6 @@
+     }
+   }
+ 
+-  *via_string++ = ')';
+   *via_string   = 0;
+ 
+   ink_assert((size_t)(via_string - new_via_string) < (sizeof(new_via_string) - 1));
+@@ -848,10 +838,6 @@
+     write_hdr_protocol_stack(via_string, via_limit - via_string, ProtocolStackDetail::Standard, proto_buf.data(), n_proto);
+   *via_string++ = ' ';
+ 
+-  via_string += nstrcpy(via_string, s->http_config_param->proxy_hostname);
+-  *via_string++ = ' ';
+-  *via_string++ = '(';
+-
+   memcpy(via_string, s->http_config_param->proxy_response_via_string, s->http_config_param->proxy_response_via_string_len);
+   via_string += s->http_config_param->proxy_response_via_string_len;
+ 
+@@ -877,7 +863,6 @@
+     }
+   }
+ 
+-  *via_string++ = ')';
+   *via_string   = 0;
+ 
+   ink_assert((size_t)(via_string - new_via_string) < (sizeof(new_via_string) - 1));

component/unstable/accords/buildout.cfg

@@ -5,7 +5,7 @@ extends =
   ../libtool/buildout.cfg
   ../git/buildout.cfg
   ../openssl/buildout.cfg
-  ../libuuid/buildout.cfg
+  ../util-linux/buildout.cfg
 
 parts = accords
 

component/unstable/apache-perl/buildout.cfg

@@ -4,7 +4,7 @@ parts = apache-perl perl-Apache2-Request
 extends =
   ../apache/buildout.cfg
   ../perl/buildout.cfg
-  ../libuuid/buildout.cfg
+  ../util-linux/buildout.cfg
 
 [apache-perl]
 # Note: Shall react on each build of apache and reinstall itself

component/util-linux/buildout.cfg

@@ -7,8 +7,8 @@ extends =
 [util-linux]
 recipe = slapos.recipe.cmmi
 shared = true
-url = https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-2.37.1.tar.xz
-md5sum = 6d244f0f59247e9109f47d6e5dd0556b
+url = https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-2.37.2.tar.xz
+md5sum = d659bf7cd417d93dc609872f6334b019
 configure-options =
   --disable-static
   --enable-libuuid
@@ -50,3 +50,21 @@ environment =
   PATH=${perl:location}/bin:${xz-utils:location}/bin:%(PATH)s
   LDFLAGS=-L${libcap-ng:location}/lib -Wl,-rpath=${libcap-ng:location}/lib
   CFLAGS=-I${libcap-ng:location}/include
+
+[libuuid]
+# libuuid is inside util-linux source code with only libuuid feature enabled.
+<= util-linux
+configure-options =
+  --disable-static
+  --disable-all-programs
+  --enable-libuuid
+  --without-libiconv-prefix
+  --without-libintl-prefix
+  --without-ncurses
+  --without-slang
+  --without-pam
+  --without-selinux
+  --without-audit
+
+environment =
+  PATH=${perl:location}/bin:%(PATH)s

component/xapian/buildout.cfg

@@ -3,7 +3,7 @@ parts =
   xapian
 extends =
   ../zlib/buildout.cfg
-  ../libuuid/buildout.cfg
+  ../util-linux/buildout.cfg
 
 [xapian]
 recipe = slapos.recipe.cmmi

component/xorg/buildout.cfg

@@ -10,7 +10,7 @@ extends =
   ../icu/buildout.cfg
   ../intltool/buildout.cfg
   ../libtool/buildout.cfg
-  ../libuuid/buildout.cfg
+  ../util-linux/buildout.cfg
   ../libxml2/buildout.cfg
   ../libxslt/buildout.cfg
   ../meson/buildout.cfg

component/zeromq/buildout.cfg

 [buildout]
 extends =
   ../libtool/buildout.cfg
-  ../libuuid/buildout.cfg
+  ../util-linux/buildout.cfg
 
 [zeromq]
 <= zeromq3

software/caddy-frontend/buildout.hash.cfg

@@ -22,19 +22,19 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
 
 [profile-caddy-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = 3e3021b86c3cfe93553489441da85496
+md5sum = 04e550480d3057ca65d87c6fadbaed6e
 
 [profile-caddy-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = c028f1c5947494e7f25cf8266a3ecd2d
+md5sum = 63b418626ef0f8ac54d6359fb6637371
 
 [profile-slave-list]
 _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
-md5sum = 6b6ab13d82bf9ecff6a37c3402ddbf95
+md5sum = e3ba0da5d137dcbd56c2604d200ac3b9
 
 [profile-replicate-publish-slave-information]
 _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
-md5sum = df304a8aee87b6f2425241016a48f7a5
+md5sum = be54431846fe7f3cee65260eefc83d62
 
 [profile-caddy-frontend-configuration]
 _update_hash_filename_ = templates/Caddyfile.in
@@ -46,11 +46,11 @@ md5sum = 88af61e7abbf30dc99a1a2526161128d
 
 [template-default-slave-virtualhost]
 _update_hash_filename_ = templates/default-virtualhost.conf.in
-md5sum = 37475d79f28c5f126bc1947fdb938fdb
+md5sum = 57c86795293b11300a036f5f8cf2c868
 
 [template-backend-haproxy-configuration]
 _update_hash_filename_ = templates/backend-haproxy.cfg.in
-md5sum = ae4c9ce775ea003aa51eda5ecbbeec73
+md5sum = 6d4ad68ac44ccc72fe9148bd8e05a6f0
 
 [template-empty]
 _update_hash_filename_ = templates/empty.in
@@ -62,7 +62,7 @@ md5sum = 975177dedf677d24e14cede5d13187ce
 
 [template-trafficserver-records-config]
 _update_hash_filename_ = templates/trafficserver/records.config.jinja2
-md5sum = e87238c53d080ef9ef90040e57bc1395
+md5sum = 715baa302d562a7e4eddc3d1bf72f981
 
 [template-trafficserver-storage-config]
 _update_hash_filename_ = templates/trafficserver/storage.config.jinja2
@@ -94,7 +94,7 @@ md5sum = 8c150e1e6c993708d31936742f3a7302
 
 [caddyprofiledeps-setup]
 filename = setup.py
-md5sum = 6aad2b4c271294f524214192ee197c15
+md5sum = f6f72d03af7d9dc29fb4d4fef1062e73
 
 [caddyprofiledeps-dummy]
 filename = caddyprofiledummy.py

software/caddy-frontend/instance-apache-frontend.cfg.in

@@ -63,6 +63,75 @@ parts =
 [caddyprofiledeps]
 recipe = caddyprofiledeps
 
+[frontend-node-id]
+# Store id file in top of hierarchy, so it does not depend on directory creation
+file = ${buildout:directory}/.frontend-node-id.txt
+recipe = slapos.recipe.build
+init =
+  import os
+  import secrets
+  if not os.path.exists(options['file']):
+    with open(options['file'], 'w') as fh:
+      fh.write(secrets.token_urlsafe(4))
+  with open(options['file'], 'r') as fh:
+    options['value'] = fh.read()
+
+[frontend-node-private-salt]
+# Private, not communicated, stable hash, which can be used to salt other
+# hashes, so their values are connected to the node, but practicaly impossible
+# to crack (until the node is hacked itself, but then those values are
+# stolen anyway)
+recipe = slapos.recipe.build
+init =
+  import os
+  import uuid
+  if not os.path.exists(options['file']):
+    with open(options['file'], 'w') as fh:
+      fh.write(uuid.uuid4().hex)
+  with open(options['file'], 'r') as fh:
+    options['value'] = fh.read()
+file = ${buildout:directory}/.frontend-node-private-salt.txt
+
+[version-hash]
+recipe = slapos.recipe.build
+software-release-url = ${slap-connection:software-release-url}
+hash-salt = ${frontend-node-private-salt:value}
+init =
+  import hashlib
+  import base64
+  options['value'] = base64.urlsafe_b64encode(hashlib.md5(''.join([options['software-release-url'].strip(), options['hash-salt']])).digest())
+
+[frontend-node-information]
+recipe = slapos.recipe.build
+file = ${buildout:directory}/.frontend-node-information.json
+node-id = ${frontend-node-id:value}
+current-hash = ${version-hash:value}
+current-software-release-url = ${version-hash:software-release-url}
+init =
+  import json
+  changed = False
+  try:
+    with open(options['file'], 'r') as fh:
+      data = json.load(fh)
+  except Exception:
+    changed = True
+    data = {
+      'node-id': options['node-id'],
+      'version-hash-history': {options['current-hash']: options['current-software-release-url']}
+    }
+  if 'node-id' not in data:
+    data['node-id'] = options['node-id']
+    changed = True
+  if 'version-hash-history' not in data:
+    data['version-hash-history'] = {}
+    changed = True
+  if options['current-hash'] not in data['version-hash-history']:
+    data['version-hash-history'][options['current-hash']] = options['current-software-release-url']
+    changed = True
+  if changed:
+    with open(options['file'], 'w') as fh:
+      json.dump(data, fh)
+  options['value'] = data
 # Create all needed directories
 [directory]
 recipe = slapos.cookbook:mkdirectory
@@ -305,6 +374,10 @@ extra-context =
     key software_type :software_type
     key frontend_lazy_graceful_reload frontend-caddy-lazy-graceful:rendered
     key monitor_base_url monitor-instance-parameter:monitor-base-url 
+    key node_id frontend-node-id:value
+    key version_hash version-hash:value
+    key software_release_url version-hash:software-release-url
+    key node_information frontend-node-information:value
     key custom_ssl_directory caddy-directory:custom-ssl-directory
 # BBB: SlapOS Master non-zero knowledge BEGIN
     key apache_certificate apache-certificate:rendered
@@ -462,6 +535,8 @@ disk-cache-size = ${configuration:disk-cache-size}
 ram-cache-size = ${configuration:ram-cache-size}
 templates-dir = {{ software_parameter_dict['trafficserver'] }}/etc/trafficserver/body_factory
 request-timeout = ${configuration:request-timeout}
+version-hash = ${version-hash:value}
+node-id = ${frontend-node-id:value}
 
 [trafficserver-configuration-directory]
 recipe = plone.recipe.command

software/caddy-frontend/instance-apache-replicate.cfg.in

@@ -286,7 +286,7 @@ config-monitor-username = ${monitor-instance-parameter:username}
 config-monitor-password = ${monitor-htpasswd:passwd}
 
 software-type = {{frontend_type}}
-return = slave-instance-information-list monitor-base-url backend-client-csr-url kedifa-csr-url csr-certificate backend-haproxy-statistic-url
+return = slave-instance-information-list monitor-base-url backend-client-csr-url kedifa-csr-url csr-certificate backend-haproxy-statistic-url node-information-json
 
 {#- Send only needed parameters to frontend nodes #}
 {%- set base_node_configuration_dict = {} %}
@@ -376,6 +376,7 @@ kedifa-csr-certificate = ${request-kedifa:connection-csr-certificate}
 {% for frontend in frontend_list %}
   {% set section_part = '${request-' + frontend %}
 {{ frontend }}-backend-haproxy-statistic-url = {{ section_part }}:connection-backend-haproxy-statistic-url}
+{{ frontend }}-node-information-json = ${frontend-information:{{ frontend }}-node-information-json}
 {% endfor %}
 {% if not aibcc_enabled %}
 {% for frontend in frontend_list %}
@@ -461,6 +462,12 @@ warning-slave-dict = {{ dumps(warning_slave_dict) }}
 {# sort_keys are important in order to avoid shuffling parameters on each run #}
 active-slave-instance-list = {{ json_module.dumps(active_slave_instance_list, sort_keys=True) }}
 
+[frontend-information]
+{% for frontend in frontend_list %}
+  {% set section_part = '${request-' + frontend %}
+{{ frontend }}-node-information-json = {{ section_part }}:connection-node-information-json}
+{% endfor %}
+
 [dynamic-publish-slave-information]
 < = jinja2-template-base
 template = {{ software_parameter_dict['profile_replicate_publish_slave_information'] }}
@@ -468,6 +475,7 @@ filename = dynamic-publish-slave-information.cfg
 extensions = jinja2.ext.do
 extra-context =
     section slave_information slave-information
+    section frontend_information frontend-information
     section rejected_slave_information rejected-slave-information
     section active_slave_instance_dict active-slave-instance
     section warning_slave_information warning-slave-information

software/caddy-frontend/setup.py

@@ -10,6 +10,7 @@ setup(
     'furl',
     'orderedmultidict',
     'caucase',
+    'python2-secrets',
   ],
   entry_points={
     'zc.buildout': [

software/caddy-frontend/software.cfg

@@ -214,6 +214,7 @@ kedifa = 0.0.6
 # Modern KeDiFa requires zc.lockfile
 zc.lockfile = 1.4
 
+python2-secrets = 1.0.5
 validators = 0.12.2
 PyRSS2Gen = 1.1
 cns.recipe.symlink = 0.2.3

software/caddy-frontend/templates/apache-custom-slave-list.cfg.in

@@ -330,6 +330,8 @@ certificate = {{ certificate }}
 https_port = {{ dumps('' ~ configuration['port']) }}
 http_port = {{ dumps('' ~ configuration['plain_http_port']) }}
 local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
+version-hash = {{ version_hash }}
+node-id = {{ node_id }}
 {%-   for key, value in slave_instance.iteritems() %}
 {%-     if value is not none %}
 {{ key }} = {{ dumps(value) }}
@@ -463,6 +465,8 @@ csr-certificate = ${expose-csr-certificate-get:certificate}
 {#-   We unquote, as furl quotes automatically, but there is buildout value on purpose like ${...:...} in the passwod #}
 {%-   set statistic_url = urlparse_module.unquote(furled.tostr()) %}
 backend-haproxy-statistic-url = {{ statistic_url }}
+{#-   sort_keys are important in order to avoid shuffling parameters on each run #}
+node-information-json = {{ json_module.dumps(node_information, sort_keys=True) }}
 
 [kedifa-updater]
 recipe = slapos.cookbook:wrapper
@@ -513,6 +517,8 @@ global-ipv6 = ${slap-configuration:ipv6-random}
 request-timeout = {{ dumps('' ~ configuration['request-timeout']) }}
 backend-connect-timeout = {{ dumps('' ~ configuration['backend-connect-timeout']) }}
 backend-connect-retries =  {{ dumps('' ~ configuration['backend-connect-retries']) }}
+version-hash = {{ version_hash }}
+node-id = {{ node_id }}
 
 [template-expose-csr-link-csr]
 recipe = plone.recipe.command

software/caddy-frontend/templates/backend-haproxy.cfg.in

@@ -58,6 +58,8 @@ frontend statistic
 
 frontend http-backend
   bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
+  http-request add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash'] }}"
+  http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
 {%- for slave_instance in backend_slave_list -%}
 {{ frontend_entry(slave_instance, 'http', False) }}
 {%- endfor %}

software/caddy-frontend/templates/default-virtualhost.conf.in

@@ -21,6 +21,10 @@
     # workaround for lost connection to haproxy by reconnecting
     try_duration 3s
     try_interval 250ms
+    header_upstream +Via "{proto} rapid-cdn-frontend-{{ slave_parameter['node-id'] }}-{{ slave_parameter['version-hash'] }}"
+{%-   if not slave_parameter['disable-via-header'] %}
+    header_downstream +Via "{proto} rapid-cdn-frontend-{{ slave_parameter['node-id'] }}-{{ slave_parameter['version-hash'] }}"
+{%-   endif %}
 {%- endmacro %} {# proxy_header #}
 
 {%- macro hsts_header(tls) %}

software/caddy-frontend/templates/replicate-publish-slave-information.cfg.in

@@ -72,6 +72,9 @@ log-access-url = {{ dumps(json_module.dumps(log_access_url, sort_keys=True)) }}
 {{ key }} = {{ dumps(value) }}
 {%     endfor %}
 {%   endif %}
+{%   for frontend_key, frontend_value in frontend_information.iteritems() %}
+{{ frontend_key }} = {{ frontend_value }}
+{%   endfor %}
 {% endfor %}
 
 [buildout]

software/caddy-frontend/templates/trafficserver/records.config.jinja2

@@ -18,6 +18,12 @@ LOCAL proxy.local.incoming_ip_to_bind STRING {{ ats_configuration['local-ip'] }}
 CONFIG proxy.config.log.logfile_dir STRING {{ ats_directory['log'] }}
 # Never change Server header
 CONFIG proxy.config.http.response_server_enabled INT 0
+# Handle Via header
+CONFIG proxy.config.http.insert_request_via_str INT 1
+CONFIG proxy.config.http.request_via_str STRING rapid-cdn-cache-{{ ats_configuration['node-id'] }}-{{ ats_configuration['version-hash'] }}
+CONFIG proxy.config.http.insert_response_via_str INT 1
+CONFIG proxy.config.http.response_via_str STRING rapid-cdn-cache-{{ ats_configuration['node-id'] }}-{{ ats_configuration['version-hash'] }}
+
 # Implement RFC 5861 with core
 CONFIG proxy.config.http.cache.open_write_fail_action INT 2
 CONFIG proxy.config.body_factory.template_sets_dir STRING  {{ ats_configuration['templates-dir'] }}
@@ -53,13 +59,6 @@ CONFIG proxy.config.exec_thread.affinity INT 1
 ##############################################################################
 CONFIG proxy.config.http.server_ports STRING {{ ats_configuration['local-ip'] + ':' + ats_configuration['input-port'] }}
 
-##############################################################################
-# Via: headers. Docs:
-#     https://docs.trafficserver.apache.org/records.config#proxy-config-http-insert-response-via-str
-##############################################################################
-CONFIG proxy.config.http.insert_request_via_str INT 1
-CONFIG proxy.config.http.insert_response_via_str INT 0
-
 ##############################################################################
 # Parent proxy configuration, in addition to these settings also see parent.config. Docs:
 #    https://docs.trafficserver.apache.org/records.config#parent-proxy-configuration

stack/slapos.cfg

@@ -190,7 +190,7 @@ setuptools-dso = 1.7
 rubygemsrecipe  = 0.4.3
 six = 1.12.0
 slapos.cookbook = 1.0.226
-slapos.core = 1.7.4
+slapos.core = 1.7.5
 slapos.extension.strip = 0.4
 slapos.extension.shared = 1.0
 slapos.libnetworkcache = 0.22
@@ -249,10 +249,12 @@ certifi = 2020.6.20
 chardet = 3.0.4
 urllib3 = 1.25.9
 pkgconfig = 1.5.1
+distro = 1.7.0
 
 
 [versions:python2]
 Werkzeug = 1.0.1
+distro = 1.6.0
 
 
 [networkcache]