Commit 4d0a063e authored by Łukasz Nowak's avatar Łukasz Nowak

caddy-frontend: Drop obsoleted QUIC

QUIC is not used at all, and became superseded by HTTP/3
parent 92fd6909
......@@ -403,20 +403,6 @@ the proxy::
}
)
QUIC Protocol
=============
Note: QUIC support in Caddy is really experimental. It can result with silently having problems with QUIC connections or hanging Caddy process. So in case of QUIC error ``QUIC_NETWORK_IDLE_TIMEOUT`` or ``QUIC_PEER_GOING_AWAY`` it is required to restart caddy process.
Note: Chrome will refuse to connect to QUIC on different port then HTTPS has been served. As Caddy binds to high ports, if QUIC is wanted, the browser need to connect to high port too.
Experimental QUIC available in Caddy is not configurable. If caddy is configured to bind to HTTPS port ``${port}``, QUIC is going to be advertised on this port only. It is not possible to configure another public port in case of port rewriting.
So it is required to ``DNAT`` from ``${public IP}`` of the computer to the computer partition running caddy ``${local IP}`` with configured port::
iptables -A DNAT -d ${public IP}/32 -p udp -m udp --dport ${port} -j DNAT --to-destination ${local IP}:${port}
Promises
========
......
......@@ -14,7 +14,7 @@
# not need these here).
[template]
filename = instance.cfg.in
md5sum = a351f22e3f74cb3c76ac92ac482c1ecc
md5sum = 20f7a925e686949092823595c79a0523
[template-common]
filename = instance-common.cfg.in
......@@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend]
filename = instance-apache-frontend.cfg.in
md5sum = 9409c580ce469dd31e8b7b05a1e59ae7
md5sum = 0851faa528eb4f21330a6f23f77dea7f
[template-caddy-replicate]
filename = instance-apache-replicate.cfg.in
......
......@@ -318,9 +318,6 @@ template = inline:
-http2=false \
{% else %}
-http2=true \
{% endif %}
{% if instance_parameter['configuration.enable-quic'].lower() in TRUE_VALUES %}
-quic \
{% endif %}
-grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s \
-disable-http-challenge \
......
......@@ -66,16 +66,6 @@
"title": "Test Verification URL",
"type": "string"
},
"enable-quic": {
"default": "false",
"description": "Enables QUIC - Quick UDP Internet Connections. Note that this is experimental feature, thus can result in undefined behaviour. Warning: Changing the parameter will result in restarting Caddy process.",
"enum": [
"true",
"false"
],
"title": "Enable QUIC",
"type": "string"
},
"proxy-try-duration": {
"default": 5,
"description": "A time during which Caddy will try to establish connection with a backend. Setting it to 0 will result with immediate return of 502 EOF error to the browser, even if it would be possible to (re)connect to the backend during few moments. More info in https://caddyserver.com/docs/proxy try_durtion.",
......
......@@ -115,7 +115,6 @@ configuration.enable-http2-by-default = true
configuration.global-disable-http2 = false
configuration.ciphers =
configuration.request-timeout = 600
configuration.enable-quic = false
configuration.mpm-graceful-shutdown-timeout = 5
configuration.frontend-name =
configuration.proxy-try-duration = 5
......
......@@ -33,9 +33,8 @@ from requests_toolbelt.adapters import source
import json
import multiprocessing
import subprocess
from unittest import skip, expectedFailure
from unittest import skip
import ssl
import signal
from BaseHTTPServer import HTTPServer
from BaseHTTPServer import BaseHTTPRequestHandler
from forcediphttpsadapter.adapters import ForcedIPHTTPSAdapter
......@@ -225,17 +224,6 @@ def isHTTP2(domain, ip):
return 'Using HTTP2, server supports multi-use' in err
def getQUIC(url, ip, port):
quic_client_command = 'quic_client --disable-certificate-verification '\
'--port=%(port)s --host=%(host)s %(url)s' % dict(
port=port, host=ip, url=url)
try:
return True, subprocess.check_output(
quic_client_command.split(), stderr=subprocess.STDOUT)
except subprocess.CalledProcessError as e:
return False, e.output
def getPluginParameterDict(software_path, filepath):
"""Load the slapos monitor plugin and returns the configuration used by this plugin.
......@@ -4509,104 +4497,6 @@ class TestDefaultMonitorHttpdPort(SlaveHttpFrontendTestCase, TestDataMixin):
'Listen [%s]:8072' % (self._ipv6_address,) in slave_monitor_conf)
class TestQuicEnabled(SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'public-ipv4': cls._ipv4_address,
'enable-quic': 'true',
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'mpm-graceful-shutdown-timeout': 2,
'kedifa_port': KEDIFA_PORT,
'caucase_port': CAUCASE_PORT,
}
@classmethod
def getSlaveParameterDictDict(cls):
return {
'url': {
'url': cls.backend_url,
'enable_cache': True,
},
}
# It is known problem that QUIC does not work after sending reload signal,
# SIGUSR1, see https://github.com/mholt/caddy/issues/2394
@expectedFailure
def test_url(self):
parameter_dict = self.parseSlaveParameterDict('url')
self.assertLogAccessUrlWithPop(parameter_dict)
self.assertKedifaKeysWithPop(parameter_dict)
self.assertEqual(
{
'domain': 'url.example.com',
'replication_number': '1',
'url': 'http://url.example.com',
'site_url': 'http://url.example.com',
'secure_access': 'https://url.example.com',
'public-ipv4': self._ipv4_address,
},
parameter_dict
)
result = fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
self.certificate_pem,
der2pem(result.peercert))
self.assertEqualResultJson(result, 'Path', '/test-path')
try:
j = result.json()
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (result.text,))
self.assertFalse('remote_user' in j['Incoming Headers'].keys())
self.assertKeyWithPop('Date', result.headers)
self.assertKeyWithPop('Content-Length', result.headers)
def assertQUIC():
quic_status, quic_result = getQUIC(
'https://%s/%s' % (parameter_dict['domain'], 'test-path'),
parameter_dict['public-ipv4'],
HTTPS_PORT
)
self.assertTrue(quic_status, quic_result)
try:
quic_jsoned = quic_result.split('body: ')[2].split('trailers')[0]
except Exception:
raise ValueError('JSON not found at all in QUIC result:\n%s' % (
quic_result,))
try:
j = json.loads(quic_jsoned)
except Exception:
raise ValueError('JSON decode problem in:\n%s' % (quic_jsoned,))
key = 'Path'
self.assertTrue(key in j, 'No key %r in %s' % (key, j))
self.assertEqual('/test-path', j[key])
assertQUIC()
# https://github.com/mholt/caddy/issues/2394
# after sending USR1 to Caddy QUIC does not work, check current behaviour
caddy_pid = [
q['pid'] for q
in self.callSupervisorMethod('getAllProcessInfo')
if 'frontend_caddy' in q['name']][0]
os.kill(caddy_pid, signal.SIGUSR1)
# give caddy a moment to refresh its config, as sending signal does not
# block until caddy is refreshed
time.sleep(2)
assertQUIC()
@skip('New test system cannot be used with failing promises')
class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod
......
......@@ -15,4 +15,4 @@
[template]
filename = instance.cfg
md5sum = b21b2a9ac7f027a044a897c6eacbba56
md5sum = 298bac4a631de3b30593b9a1dcf63e1c
......@@ -36,7 +36,7 @@ command-line =
--source_code_path_list={{ ','.join(tests.splitlines()) }}
environment =
PATH={{ buildout['bin-directory'] }}:{{ quic_client_location }}:{{ curl_location }}/bin/:/usr/bin/:/bin
PATH={{ buildout['bin-directory'] }}:{{ curl_location }}/bin/:/usr/bin/:/bin
SLAPOS_TEST_IPV4=${slap-configuration:ipv4-random}
SLAPOS_TEST_IPV6=${slap-configuration:ipv6-random}
SLAPOS_TEST_WORKING_DIR=${directory:working-dir}
......@@ -8,7 +8,6 @@ extends =
../../component/python-cryptography/buildout.cfg
../../component/python-mysqlclient/buildout.cfg
../../component/python-pynacl/buildout.cfg
../../component/quic_client-bin/buildout.cfg
../../component/python-backports-lzma/buildout.cfg
../../stack/slapos.cfg
......@@ -235,7 +234,6 @@ context =
key git_location git:location
key slapos_location slapos-repository:location
key interpreter eggs:interpreter
key quic_client_location quic_client-bin:location
key curl_location curl:location
key tests :tests
tests =
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment