caddy-frontend: Move out logic from configuration file generation

As decision making quite often requires access to more than one slave entry, it's better to keep the logic above configuration generation. Also configuration generation is already complex, and it's better to have it simplified, especially in case of switching the component. Use already prepared values from apache-custom-slave-list.cfg.in in default-virtualhost.conf.in to simplify even more. Pass variables to the other profiles without casting them to string, so that they work out of the box.

caddy-frontend: Move out logic from configuration file generation
As decision making quite often requires access to more than one slave entry, it's better to keep the logic above configuration generation. Also configuration generation is already complex, and it's better to have it simplified, especially in case of switching the component. Use already prepared values from apache-custom-slave-list.cfg.in in default-virtualhost.conf.in to simplify even more. Pass variables to the other profiles without casting them to string, so that they work out of the box.
fc23be53 · Łukasz Nowak · 6909dcef · fc23be53 · fc23be53 · fc23be53
Commit fc23be53 authored Nov 24, 2020 by Łukasz Nowak
5 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -22,7 +22,7 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68

 [profile-caddy-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = e8db3179e3278c6390a786cdcc947173
+md5sum = a6a626fd1579fd1d4b80ea67433ca16a

 [profile-caddy-replicate]
 filename = instance-apache-replicate.cfg.in
@@ -30,7 +30,7 @@ md5sum = 2329022227099971a57f710832509153

 [profile-slave-list]
 _update_hash_filename_ = templates/apache-custom-slave-list.cfg.in
-md5sum = 2cbcdff6fe75ec469ab7d6accd72f83c
+md5sum = eadc3ee8927461fe9475e8b01667bbfe

 [profile-replicate-publish-slave-information]
 _update_hash_filename_ = templates/replicate-publish-slave-information.cfg.in
@@ -46,11 +46,11 @@ md5sum = 88af61e7abbf30dc99a1a2526161128d

 [template-default-slave-virtualhost]
 _update_hash_filename_ = templates/default-virtualhost.conf.in
-md5sum = bd9e269130bac989faa639e0903814e2
+md5sum = 1eb9f415229aa74de83f6d8660cac5a8

 [template-backend-haproxy-configuration]
 _update_hash_filename_ = templates/backend-haproxy.cfg.in
-md5sum = 5c807d34198f334b143cfa9263f6bc4e
+md5sum = 0923a9227c131d2f1e11d7ddd5b15673

 [template-empty]
 _update_hash_filename_ = templates/empty.in

--- a/software/caddy-frontend/instance-apache-frontend.cfg.in
+++ b/software/caddy-frontend/instance-apache-frontend.cfg.in
@@ -287,6 +287,7 @@ extra-context =
    key backend_client_caucase_url :backend-client-caucase-url
    import urlparse_module urlparse
    import furl_module furl
+    import urllib_module urllib
    key master_key_download_url :master_key_download_url
    key autocert caddy-directory:autocert
    key caddy_log_directory caddy-directory:slave-log

--- a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
+++ b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
@@ -2,6 +2,7 @@
 {%- set kedifa_updater_mapping = [] %}
 {%- set cached_server_dict = {} %}
 {%- set backend_slave_list = [] %}
+{%- set frontend_slave_list = [] %}
 {%- set part_list = [] %}
 {%- set cache_port = caddy_configuration.get('cache-port') %}
 {%- set cache_access = "http://%s:%s" % (instance_parameter_dict['ipv4-random'], cache_port) %}
@@ -39,16 +40,39 @@ context =
 [slave-password]
 [slave-htpasswd]

-{#- Loop thought slave list to set up slaves #}
+{#- Prepare configuration parameters #}
 {%- set DEFAULT_PORT = {'http': 80, 'https': 443, '': None} %}
-{%- for slave_instance in slave_instance_list %}
-{#- prepare backend parameters #}
-{%- for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
-{%-   set parsed = urlparse_module.urlparse(slave_instance.get(key, '').strip()) %}
-{%-   set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment} %}
-{%-   do slave_instance.__setitem__(prefix, info_dict) %}
+{%- for key in ['enable-http2-by-default', 'global-disable-http2'] %}
+{%-   do configuration.__setitem__(key, ('' ~ configuration[key]).lower() in TRUE_VALUES) %}
 {%- endfor %}
+{#- Loop thought slave list to set up slaves #}
+{%- for slave_instance in slave_instance_list %}
+{#-   Prepare slave parameters: #}
+{#-     * convert strings to booleans (as slapproxy and SlapOS Master differ a bit) #}
+{#-     * create real lists from string lists #}
+{#-     * setup defaults to simplify other profiles #}
+{#-     * stabilise values for backend #}
+{%-   for key, prefix in [('url', 'http_backend'), ('https-url', 'https_backend')] %}
+{%-     set parsed = urlparse_module.urlparse(slave_instance.get(key, '').strip()) %}
+{%-     set info_dict = {'scheme': parsed.scheme, 'hostname': parsed.hostname, 'port': parsed.port or DEFAULT_PORT[parsed.scheme], 'path': parsed.path, 'fragment': parsed.fragment} %}
+{%-     do slave_instance.__setitem__(prefix, info_dict) %}
+{%-   endfor %}
 {%-   do slave_instance.__setitem__('ssl_proxy_verify', ('' ~ slave_instance.get('ssl-proxy-verify', '')).lower() in TRUE_VALUES) %}
+{%-   do slave_instance.__setitem__('enable-http2', ('' ~ slave_instance.get('enable-http2', configuration['enable-http2-by-default'])).lower() in TRUE_VALUES) %}
+{%-   for key in ['https-only', 'websocket-transparent'] %}
+{%-     do slave_instance.__setitem__(key, ('' ~ slave_instance.get(key, 'true')).lower() in TRUE_VALUES) %}
+{%-   endfor %}
+{%-   for key in ['enable_cache', 'disable-no-cache-request', 'disable-via-header', 'prefer-gzip-encoding-to-backend'] %}
+{%-     do slave_instance.__setitem__(key, ('' ~ slave_instance.get(key, 'false')).lower() in TRUE_VALUES) %}
+{%-   endfor %}
+{%-   for key in ['disabled-cookie-list'] %}
+{%-     do slave_instance.__setitem__(key, slave_instance.get(key, '').split()) %}
+{%-   endfor %}
+{%-   for key, default in [('virtualhostroot-http-port', '80'), ('virtualhostroot-https-port', '443')] %}
+{%-     do slave_instance.__setitem__(key, int(slave_instance.get(key, default))) %}
+{%-   endfor %}
+{%-   do slave_instance.__setitem__('default-path', slave_instance.get('default-path', '').strip('/') | urlencode) %}
+{%-   do slave_instance.__setitem__('path', slave_instance.get('path', '').strip('/')) %}
 {#-   Manage ciphers #}
 {%-   set slave_ciphers = slave_instance.get('ciphers', '').strip().split() %}
 {%-   if slave_ciphers %}
@@ -56,10 +80,10 @@ context =
 {%-   else %}
 {%-     set slave_cipher_list = configuration['ciphers'].strip() %}
 {%-   endif %}
-{%-   do slave_instance.__setitem__('cipher_list', slave_cipher_list) %}
+{%-   do slave_instance.__setitem__('ciphers', slave_cipher_list) %}
 {#-   Manage common instance parameters #}
 {%-   set slave_type = slave_instance.get('type', '') %}
-{%-   set enable_cache = (('' ~ slave_instance.get('enable_cache', '')).lower() in TRUE_VALUES and slave_type != 'redirect') %}
+{%-   set enable_cache = (slave_instance['enable_cache'] and slave_type != 'redirect') %}
 {%-   set slave_reference = slave_instance.get('slave_reference') %}
 {%-   set slave_kedifa = slave_kedifa_information.get(slave_reference) %}
 {#-   Setup backend URLs for front facing Caddy #}
@@ -103,9 +127,6 @@ context =
 {%-   do part_list.extend([slave_ln_section]) %}
 {%-   do part_list.extend([slave_section_title]) %}
 {%-   set slave_log_folder = '${logrotate-directory:logrotate-backup}/' + slave_reference + "-logs" %}
-{#-   Pass HTTP2 switch #}
-{%-   do slave_instance.__setitem__('enable_http2_by_default', configuration['enable-http2-by-default']) %}
-{%-   do slave_instance.__setitem__('global_disable_http2', configuration['global-disable-http2']) %}
 {#-   Pass backend timeout values #}
 {%-   for key in ['backend-connect-timeout', 'backend-connect-retries', 'request-timeout', 'authenticate-to-backend'] %}
 {%-     if slave_instance.get(key, '') == '' %}
@@ -168,6 +189,28 @@ context =
 {%-   do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %}
 {%-   do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
 {%-   do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
+{%-   set host_list = slave_instance.get('server-alias', '').split() %}
+{%-   if slave_instance.get('custom_domain') not in host_list %}
+{%-     do host_list.append(slave_instance.get('custom_domain')) %}
+{%-   endif %}
+{%-   do slave_instance.__setitem__('host_list', host_list) %}
+{%-   do slave_instance.__setitem__('type', slave_instance.get('type', '')) %}
+{%-   set websocket_path_list = [] %}
+{%-   for websocket_path in slave_instance.get('websocket-path-list', '').split() %}
+{%-     set websocket_path = websocket_path.strip('/') %}
+{#-   Unquote the path, so %20 and similar can be represented correctly #}
+{%-     set websocket_path = urllib_module.unquote(websocket_path.strip()) %}
+{%-     if websocket_path %}
+{%-       do websocket_path_list.append(websocket_path) %}
+{%-     endif %}
+{%-   endfor %}
+{%-   do slave_instance.__setitem__('websocket-path-list', websocket_path_list) %}
+{%-   do slave_instance.__setitem__('enable_h2', not configuration['global-disable-http2'] and slave_instance['enable-http2']) %}
+{%-   if slave_instance['type'] in ['notebook', 'websocket'] %}
+{#    websocket style needs http 1.1 max #}
+{%-     do slave_instance.__setitem__('enable_h2', False) %}
+{%-   endif %}
+{%-   do slave_instance.__setitem__('default-path', slave_instance.get('default-path', '').strip('/') | urlencode) %}

 [slave-log-directory-dict]
 {{slave_reference}} = {{ slave_log_folder }}
@@ -224,12 +267,13 @@ command = {{ software_parameter_dict['htpasswd'] }} -cb ${:file} {{ slave_refere
 {%-   do slave_parameter_dict.__setitem__('certificate', certificate )%}
 {#-   Set ssl certificates for each slave #}
 {%-     for cert_name in ('ssl_csr', 'ssl_proxy_ca_crt')%}
+{%-       set cert_file_key = 'path_to_' + cert_name %}
 {%-       if cert_name in slave_instance %}
 {%-         set cert_title = '%s-%s' % (slave_reference, cert_name.replace('ssl_', '')) %}
 {%-         set cert_file = '/'.join([custom_ssl_directory, cert_title.replace('-','.')]) %}
 {%-         do part_list.append(cert_title) %}
 {%-         do slave_parameter_dict.__setitem__(cert_name, cert_file) %}
-{%-         do slave_instance.__setitem__('path_to_' + cert_name, cert_file) %}
+{%-         do slave_instance.__setitem__(cert_file_key, cert_file) %}
 {#-         Store certificates on fs #}
 [{{ cert_title }}]
 < = jinja2-template-base
@@ -241,7 +285,9 @@ extra-context =
 {#-         Store certificate in config #}
 [{{ cert_title + '-config' }}]
 value = {{ dumps(slave_instance.get(cert_name)) }}
-{%-       endif %}
+{%-       else %}
+{%-         do slave_instance.__setitem__(cert_file_key, None) %}
+{%-       endif %} {#- if cert_name in slave_instance #}
 {%-     endfor %}
 {#-   Set Up Certs #}
 {%-   if 'ssl_key' in slave_instance and 'ssl_crt' in slave_instance %}
@@ -273,7 +319,7 @@ http_port = {{ dumps('' ~ configuration['plain_http_port']) }}
 local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
 {%-   for key, value in slave_instance.iteritems() %}
 {%-     if value is not none %}
-{{ key }} = {{ dumps('' ~ value) }}
+{{ key }} = {{ dumps(value) }}
 {%-     endif %}
 {%-   endfor %}

@@ -284,7 +330,6 @@ rendered = {{ caddy_configuration_directory }}/${:filename}
 template = {{ template_default_slave_configuration }}
 extra-context =
    section slave_parameter {{ slave_configuration_section_name }}
-    import urllib_module urllib

 filename = {{ '%s.conf' % slave_reference }}
 {{ '\n' }}
@@ -329,6 +374,7 @@ recipe = slapos.cookbook:publish
 {%-   else %}
 {%-     do slave_instance_information_list.append(slave_publish_dict) %}
 {%-   endif %}
+{%-  do frontend_slave_list.append(slave_instance) %}
 {%-  if slave_type != 'redirect' %}
 {%-    do backend_slave_list.append(slave_instance) %}
 {%-  endif %}

--- a/software/caddy-frontend/templates/backend-haproxy.cfg.in
+++ b/software/caddy-frontend/templates/backend-haproxy.cfg.in
@@ -18,12 +18,8 @@ defaults
 {%- macro frontend_entry(slave_instance, scheme, wildcard) %}
 {#-   wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
 {%-   if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] %}
-{%-     set host_list = (slave_instance.get('server-alias') or  '').split() %}
-{%-     if slave_instance.get('custom_domain') not in host_list %}
-{%-       do host_list.append(slave_instance.get('custom_domain')) %}
-{%-     endif %}
 {%-     set matched = {'count': 0} %}
-{%-     for host in host_list %}
+{%-     for host in slave_instance['host_list'] %}
 {#-       Match up to the end or optional port (starting with ':') #}
 {#-       Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
 {%-       if wildcard and host.startswith('*.') %}
@@ -80,10 +76,9 @@ frontend https-backend
 {%-           do ssl_list.append('crt %s' % (configuration['certificate'],)) %}
 {%-         endif %}
 {%-         do ssl_list.append('ssl verify') %}
-{%-         set path_to_ssl_proxy_ca_crt = slave_instance.get('path_to_ssl_proxy_ca_crt') %}
 {%-         if slave_instance['ssl_proxy_verify'] %}
-{%-           if path_to_ssl_proxy_ca_crt %}
-{%-             do ssl_list.append('required ca-file %s' % (path_to_ssl_proxy_ca_crt,)) %}
+{%-           if slave_instance['path_to_ssl_proxy_ca_crt']  %}
+{%-             do ssl_list.append('required ca-file %s' % (slave_instance['path_to_ssl_proxy_ca_crt'],)) %}
 {%-           else %}
 {#-           Backend SSL shall be verified, but not CA provided, disallow connection #}
 {#-           Simply dropping hostname from the dict will result with ignoring it... #}

--- a/software/caddy-frontend/templates/default-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/default-virtualhost.conf.in
-{%- set TRUE_VALUES = ['y', 'yes', '1', 'true'] %}
-{%- set enable_cache = slave_parameter.get('enable_cache', '').lower() in TRUE_VALUES %}
-{%- set disable_no_cache_header = slave_parameter.get('disable-no-cache-request', '').lower() in TRUE_VALUES %}
-{%- set disable_via_header = slave_parameter.get('disable-via-header', '').lower() in TRUE_VALUES %}
-{%- set prefer_gzip = slave_parameter.get('prefer-gzip-encoding-to-backend', '').lower() in TRUE_VALUES %}
 {%- set proxy_append_list = [('', 'Default proxy configuration')] %}
-{%- if prefer_gzip %}
+{%- if slave_parameter['prefer-gzip-encoding-to-backend'] %}
 {%- do proxy_append_list.append(('prefer-gzip', 'Proxy which always overrides Accept-Encoding to gzip if such is found')) %}
-{%- endif %} {#- if prefer_gzip #}
-{%- set server_alias_list =  slave_parameter.get('server-alias', '').split() %}
-{%- set enable_h2 = slave_parameter['global_disable_http2'].lower() not in TRUE_VALUES and slave_parameter.get('enable-http2', slave_parameter['enable_http2_by_default']).lower() in TRUE_VALUES %}
-{%- set disabled_cookie_list =  slave_parameter.get('disabled-cookie-list', '').split() %}
-{%- set https_only = slave_parameter.get('https-only', 'true').lower() in TRUE_VALUES %}
-{%- set slave_type = slave_parameter.get('type', '') %}
-{%- set host_list = server_alias_list %}
-{%- set cipher_list = slave_parameter.get('cipher_list', '').strip() %}
-{%- if slave_parameter.get('custom_domain') not in host_list %}
-{%-   do host_list.append(slave_parameter.get('custom_domain')) %}
-{%- endif %}
+{%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
 {%- set http_host_list = [] %}
 {%- set https_host_list = [] %}
-{%- for host in host_list %}
+{%- for host in slave_parameter['host_list'] %}
 {%-   do http_host_list.append('http://%s:%s' % (host, slave_parameter['http_port'] )) %}
 {%-   do https_host_list.append('https://%s:%s' % (host, slave_parameter['https_port'] )) %}
-{%- endfor %} {#- for host in host_list #}
-{%- set default_path = slave_parameter.get('default-path', '').strip('/') | urlencode %}
-{%- set websocket_path_list = [] %}
-{%- for websocket_path in slave_parameter.get('websocket-path-list', '').split() %}
-{%-   set websocket_path = websocket_path.strip('/') %}
-{#- Unquote the path, so %20 and similar can be represented correctly #}
-{%-   set websocket_path = urllib_module.unquote(websocket_path.strip()) %}
-{%-   if websocket_path %}
-{%-     do websocket_path_list.append(websocket_path) %}
-{%-   endif %}
-{%- endfor %}
-{%- set websocket_transparent = slave_parameter.get('websocket-transparent', 'true').lower() in TRUE_VALUES %}
-{%- if slave_type in ['notebook', 'websocket'] %}
-{# websocket style needs http 1.1 max #}
-{%-   set enable_h2 = False %}
-{%- endif %}
+{%- endfor %} {#- for host in slave_parameter['host_list'] #}

 {%- macro proxy_header() %}
    timeout {{ slave_parameter['request-timeout'] }}s
@@ -50,7 +20,7 @@

 {%- for tls in [True, False] %}
 {%- if tls %}
-{%-   set backend_url = slave_parameter.get('backend-https-url', slave_parameter.get('backend-http-url')) %}
+{%-   set backend_url = slave_parameter.get('backend-https-url', slave_parameter['backend-http-url']) %}
 # SSL enabled hosts
 {{ https_host_list|join(', ') }} {
 {%- else %}
@@ -61,28 +31,28 @@
  bind {{ slave_parameter['local_ipv4'] }}
 {%- if tls %}
  tls {{ slave_parameter['certificate'] }} {{ slave_parameter['certificate'] }} {
-{%- if cipher_list %}
-    ciphers {{ cipher_list }}
+{%- if slave_parameter['ciphers'] %}
+    ciphers {{ slave_parameter['ciphers'] }}
 {%- endif %}
-{%- if enable_h2 %}
-    # Allow HTTP2
+{%- if slave_parameter['enable_h2'] %}
+    # Allow http2
    alpn h2 http/1.1
-{%- else %} {#- if enable_h2 #}
+{%- else %} {#- if slave_parameter['enable_h2'] #}
    # Disallow HTTP2
    alpn http/1.1
-{%- endif %} {#- if enable_h2 #}
+{%- endif %} {#- if slave_parameter['enable_h2'] #}
  } {# tls #}
 {%- endif %} {#- if tls #}
-  log / {{ slave_parameter.get('access_log') }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
+  log / {{ slave_parameter['access_log'] }} "{remote} - {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" {
    rotate_size 0
  }

-  errors {{ slave_parameter.get('error_log') }} {
+  errors {{ slave_parameter['error_log'] }} {
    rotate_size 0
  }

-{%- if not (slave_type == 'zope' and backend_url) %}
-{%    if prefer_gzip and not (not tls and https_only) %}
+{%- if not (slave_parameter['type'] == 'zope' and backend_url) %}
+{%    if slave_parameter['prefer-gzip-encoding-to-backend'] and not (not tls and slave_parameter['https-only']) %}
  rewrite {
    regexp (.*)
    if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
@@ -93,20 +63,20 @@
    if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
    to {1}
  }
-{%    elif slave_type not in ['notebook', 'websocket'] %}
+{%    elif slave_parameter['type'] not in ['notebook', 'websocket'] %}
  rewrite {
    regexp (.*)
    to {1}
  }
-{%    endif %} {#    elif slave_type != 'notebook' #}
-{%- endif %} {#- if not (slave_type == 'zope' and backend_url) #}
+{%    endif %} {#    elif slave_parameter['type'] != 'notebook' #}
+{%- endif %} {#- if not (slave_parameter['type'] == 'zope' and backend_url) #}

-{%- if not tls and https_only %}
+{%- if not tls and slave_parameter['https-only'] %}
  # Enforced redirection to SSL-enabled host
  redir 302 {
    / https://{host}{rewrite_uri}
  }
-{%- elif slave_type ==  'zope' and backend_url %}
+{%- elif slave_parameter['type'] ==  'zope' and backend_url %}
  # Zope configuration
 {%-   for (proxy_name, proxy_comment) in proxy_append_list %}
  # {{ proxy_comment }}
@@ -116,65 +86,65 @@
    without /prefer-gzip
    header_upstream Accept-Encoding gzip
 {%-     endif %} {#-     if proxy_name == 'prefer-gzip' #}
-{%- for disabled_cookie in disabled_cookie_list %}
+{%- for disabled_cookie in slave_parameter['disabled-cookie-list'] %}
    # Remove cookie {{ disabled_cookie }} from client Cookies
    header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
-{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
+{%- endfor %} {#- for disabled_cookie in slave_parameter['disabled-cookie-list'] #}

-{%-   if disable_via_header %}
+{%-   if slave_parameter['disable-via-header'] %}
    header_downstream -Via
-{%-   endif %} {#-   if disable_via_header #}
+{%-   endif %} {#-   if slave_parameter['disable-via-header'] #}

-{%-   if disable_no_cache_header %}
+{%-   if slave_parameter['disable-no-cache-request'] %}
    header_upstream -Cache-Control
    header_upstream -Pragma
-{%-   endif %} {#-   if disable_no_cache_header #}
+{%-   endif %} {#-   if slave_parameter['disable-no-cache-request'] #}
    transparent
  } {# proxy #}
 {%-   endfor %} {#-   for (proxy_name, proxy_comment) in proxy_append_list #}
-  {%- if default_path %}
+  {%- if slave_parameter['default-path'] %}
  redir 301 {
    if {path} is /
-    / {scheme}://{host}/{{ default_path }}
+    / {scheme}://{host}/{{ slave_parameter['default-path'] }}
  } {# redir #}
-  {%- endif %} {#- if default_path #}
-{%- if prefer_gzip and not (not tls and https_only) %}
+  {%- endif %} {#- if slave_parameter['default-path'] #}
+{%- if slave_parameter['prefer-gzip-encoding-to-backend'] and not (not tls and slave_parameter['https-only']) %}
  rewrite {
    regexp (.*)
    if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
 {%- if tls %}
-    to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
+    to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
 {%- else %}
-    to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
+    to /prefer-gzip/VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
 {%- endif %}
  }
  rewrite {
    regexp (.*)
    if {>Accept-Encoding} not_match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
 {%- if tls %}
-    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
+    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
 {%- else %}
-    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
+    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
 {%- endif %}
  }
 {%- else %}
  rewrite {
    regexp (.*)
 {%- if tls %}
-    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
+    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-https-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
 {%- else %}
-    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '').strip('/') }}%2FVirtualHostRoot/{1}
+    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter['virtualhostroot-http-port'] }}%2F{{ slave_parameter['path'] }}%2FVirtualHostRoot/{1}
 {%- endif %}
  } {# rewrite #}
-{%- endif %} {#- if prefer_gzip #}
-{%- elif slave_type == 'redirect' %}
+{%- endif %} {#- if slave_parameter['prefer-gzip-encoding-to-backend'] #}
+{%- elif slave_parameter['type'] == 'redirect' %}
 {%-   if backend_url %}
  # Redirect configuration
  redir 302 {
    /  {{ backend_url }}{rewrite_uri}
  }
 {%-   endif %}
-{%- elif slave_type == 'notebook' %}
+{%- elif slave_parameter['type'] == 'notebook' %}
  proxy / {{ backend_url }} {
 {{ proxy_header() }}
    transparent
@@ -189,21 +159,21 @@
    websocket
    without /proxy/
  }
-{%- elif slave_type == 'websocket' %}
-{%-   if websocket_path_list %}
+{%- elif slave_parameter['type'] == 'websocket' %}
+{%-   if slave_parameter['websocket-path-list'] %}
  proxy / {{ backend_url }} {
 {{ proxy_header() }}
-{%-     if websocket_transparent %}
+{%-     if slave_parameter['websocket-transparent'] %}
    transparent
 {%-     else %}
    header_upstream Host {host}
 {%-     endif %}
  }
-{%-     for websocket_path in websocket_path_list %}
+{%-     for websocket_path in slave_parameter['websocket-path-list'] %}
  proxy "/{{ websocket_path }}" {{ backend_url }} {
 {{ proxy_header() }}
    websocket
-{%-       if websocket_transparent %}
+{%-       if slave_parameter['websocket-transparent'] %}
    transparent
 {%-       else %}
    header_upstream Host {host}
@@ -214,21 +184,21 @@
  proxy / {{ backend_url }} {
 {{ proxy_header() }}
    websocket
-{%-   if websocket_transparent %}
+{%-   if slave_parameter['websocket-transparent'] %}
    transparent
 {%-   else %}
    header_upstream Host {host}
 {%-   endif %}
  }
 {%-   endif %}
-{%- else %} {#- if slave_type ==  'zope' and backend_url #}
+{%- else %} {#- if slave_parameter['type'] ==  'zope' and backend_url #}
  # Default configuration
-{%-   if default_path %}
+{%-   if slave_parameter['default-path'] %}
  redir 301 {
    if {path} is /
-    / {scheme}://{host}/{{ default_path }}
+    / {scheme}://{host}/{{ slave_parameter['default-path'] }}
  }  {# redir #}
-{%-   endif %} {#-   if default_path #}
+{%-   endif %} {#-   if slave_parameter['default-path'] #}
 {%-   if backend_url %}

 {%-   for (proxy_name, proxy_comment) in proxy_append_list %}
@@ -239,23 +209,23 @@
    without /prefer-gzip
    header_upstream Accept-Encoding gzip
 {%-     endif %} {#-     if proxy_name == 'prefer-gzip' #}
-{%- for disabled_cookie in disabled_cookie_list %}
+{%- for disabled_cookie in slave_parameter['disabled-cookie-list'] %}
    # Remove cookie {{ disabled_cookie }} from client Cookies
    header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
-{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
+{%- endfor %} {#- for disabled_cookie in slave_parameter['disabled-cookie-list'] #}

-{%-     if disable_via_header %}
+{%-     if slave_parameter['disable-via-header'] %}
    header_downstream -Via
-{%-     endif %} {#-     if disable_via_header #}
+{%-     endif %} {#-     if slave_parameter['disable-via-header'] #}

-{%-     if disable_no_cache_header %}
+{%-     if slave_parameter['disable-no-cache-request'] %}
    header_upstream -Cache-Control
    header_upstream -Pragma
-{%-     endif %} {#-     if disable_no_cache_header #}
+{%-     endif %} {#-     if slave_parameter['disable-no-cache-request'] #}
    transparent
  }  {# proxy #}
 {%-    endfor %} {#-   for (proxy_name, proxy_comment) in proxy_append_list #}
 {%-   endif %} {#-   if backend_url #}
-{%- endif %} {#- if slave_type ==  'zope' and backend_url #}
+{%- endif %} {#- if slave_parameter['type'] ==  'zope' and backend_url #}
 }  {# https_host_list|join(', ') #}
 {%- endfor %} {#- for tls in [True, False] #}