Caddy frontend like Apache frontend.

Test Result: Completed 20180628-5CD45531

Important: Just before merge the software/erp5testnode/testsuite/caddy-frontend/software.cfg has to adapted to proper branch.

Tasks:

• bugs:

  • changes in bin/caddy-wrapper are NOT taken into account during graceful reload!! Fixed by commit "caddy-frontend: Simplify Caddy wrappers"

• master:

  • https://u:p@IPV4/server-status
    • something similar can be achieved with expvars and pprof Caddy http directives
  • working master partition
  • public-ipv4
  • ip-read-limit --> was needed by mod_antiloris, not needed
  • mpm-server-limit
  • mpm-max-clients
  • mpm-start-servers
  • mpm-thread-per-child
  • mpm-graceful-shutdown-timeout
  • enable-http2-by-default
  • re6st-verification-url
  • apache-key
  • apache-certificate
  • domain
  • nginx-domain

• slaves:

  • Header edit Set-Cookie "(?i)^(.+);secure$" "$1" --> REMOVE!!
    • in case if backend will do Set-Cookie: secured=value;secure the system shall rewrite it on HTTP channel to Set-Cookie: secured=value, but leave as is on HTTPS channel
  • type:default
  • type:zope
    • beware of multiple slashes issue https://github.com/mholt/caddy/issues/1298
  • type:notebook
  • type:redirect

• url

• https-url

• custom_domain

• server-alias

• path

• default-path

• ssl_crt

• ssl_key

• https-only

• monitor-ipv6-test

• monitor-ipv4-test

• re6st-optimal-test

• enable-http2

• virtualhostroot-http-port

• virtualhostroot-https-port

• ssl-proxy-verify

• varia

  • expose Caddy on IPv6, see: https://github.com/mholt/caddy/issues/864
    • possibly 6tunnel can be handy in this case
  • allow to access log files with user/password protection
    • Beware: basic auth in caddyfile differs: https://github.com/mholt/caddy/issues/1142 and https://github.com/mholt/caddy/issues/1526
    • cover it with test
    • log and error to global file
  • control Caddy's logrotate in explicit way -- using logrotate package or internal Caddy log rotiation
  • monitoring and promises:
  • Support to raw https/http (where user can enter the configuration himself) (slave)
    • apache_custom_http
    • apache_custom_https
  • Have Traffic Server on it. (Replicant)
    • enable_cache
    • disable-no-cache-request
    • disable-via-header
  • Has to have the same "apache replication" structure
    • -frontend-authorized-slave-string
    • -frontend-quantity
  • have tests written against apache-frontend and caddy-frontend (same code mostly!), running on Nexedi's continous integration

• typos:

  • test_slave_apache_custom_http_s_accpeted
  • getInstanceParmeterDict
  • review all!

Post-MR todos are in TODO