caddy-frontend: Drop obsoleted QUIC

QUIC is not used at all, and became superseded by HTTP/3

caddy-frontend: Drop obsoleted QUIC
QUIC is not used at all, and became superseded by HTTP/3
4d0a063e · Łukasz Nowak · 92fd6909 · 4d0a063e · 4d0a063e · 4d0a063e
Commit 4d0a063e authored Jun 04, 2020 by Łukasz Nowak
9 changed files
--- a/software/caddy-frontend/README.caddy_frontend.rst
+++ b/software/caddy-frontend/README.caddy_frontend.rst
@@ -403,20 +403,6 @@ the proxy::
    }
  )
-QUIC Protocol
-=============
-Note: QUIC support in Caddy is really experimental. It can result with silently having problems with QUIC connections or hanging Caddy process. So in case of QUIC error ``QUIC_NETWORK_IDLE_TIMEOUT`` or ``QUIC_PEER_GOING_AWAY`` it is required to restart caddy process.
-Note: Chrome will refuse to connect to QUIC on different port then HTTPS has been served. As Caddy binds to high ports, if QUIC is wanted, the browser need to connect to high port too.
-Experimental QUIC available in Caddy is not configurable. If caddy is configured to bind to HTTPS port ``${port}``, QUIC is going to be advertised on this port only. It is not possible to configure another public port in case of port rewriting.
-So it is required to ``DNAT`` from ``${public IP}`` of the computer to the computer partition running caddy ``${local IP}`` with configured port::
-  iptables -A DNAT -d ${public IP}/32 -p udp -m udp --dport ${port} -j DNAT --to-destination ${local IP}:${port}
 Promises
 ========

--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -14,7 +14,7 @@
 # not need these here).
 [template]
 filename = instance.cfg.in
-md5sum = a351f22e3f74cb3c76ac92ac482c1ecc
+md5sum = 20f7a925e686949092823595c79a0523
 [template-common]
 filename = instance-common.cfg.in
@@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
 [template-apache-frontend]
 filename = instance-apache-frontend.cfg.in
-md5sum = 9409c580ce469dd31e8b7b05a1e59ae7
+md5sum = 0851faa528eb4f21330a6f23f77dea7f
 [template-caddy-replicate]
 filename = instance-apache-replicate.cfg.in

--- a/software/caddy-frontend/instance-apache-frontend.cfg.in
+++ b/software/caddy-frontend/instance-apache-frontend.cfg.in
@@ -318,9 +318,6 @@ template = inline:
  -http2=false \
 {% else %}
  -http2=true \
-{% endif %}
-{% if instance_parameter['configuration.enable-quic'].lower() in TRUE_VALUES %}
-  -quic \
 {% endif %}
  -grace {{ instance_parameter['configuration.mpm-graceful-shutdown-timeout'] }}s \
  -disable-http-challenge \

--- a/software/caddy-frontend/instance-caddy-input-schema.json
+++ b/software/caddy-frontend/instance-caddy-input-schema.json
@@ -66,16 +66,6 @@
      "title": "Test Verification URL",
      "type": "string"
    },
-    "enable-quic": {
-      "default": "false",
-      "description": "Enables QUIC - Quick UDP Internet Connections. Note that this is experimental feature, thus can result in undefined behaviour. Warning: Changing the parameter will result in restarting Caddy process.",
-      "enum": [
-        "true",
-        "false"
-      ],
-      "title": "Enable QUIC",
-      "type": "string"
-    },
    "proxy-try-duration": {
      "default": 5,
      "description": "A time during which Caddy will try to establish connection with a backend. Setting it to 0 will result with immediate return of 502 EOF error to the browser, even if it would be possible to (re)connect to the backend during few moments. More info in https://caddyserver.com/docs/proxy try_durtion.",

--- a/software/caddy-frontend/instance.cfg.in
+++ b/software/caddy-frontend/instance.cfg.in
@@ -115,7 +115,6 @@ configuration.enable-http2-by-default = true
 configuration.global-disable-http2 = false
 configuration.ciphers =
 configuration.request-timeout = 600
-configuration.enable-quic = false
 configuration.mpm-graceful-shutdown-timeout = 5
 configuration.frontend-name =
 configuration.proxy-try-duration = 5

--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -33,9 +33,8 @@ from requests_toolbelt.adapters import source
 import json
 import multiprocessing
 import subprocess
-from unittest import skip, expectedFailure
+from unittest import skip
 import ssl
-import signal
 from BaseHTTPServer import HTTPServer
 from BaseHTTPServer import BaseHTTPRequestHandler
 from forcediphttpsadapter.adapters import ForcedIPHTTPSAdapter
@@ -225,17 +224,6 @@ def isHTTP2(domain, ip):
  return 'Using HTTP2, server supports multi-use' in err
-def getQUIC(url, ip, port):
-  quic_client_command = 'quic_client --disable-certificate-verification '\
-    '--port=%(port)s --host=%(host)s %(url)s' % dict(
-      port=port, host=ip, url=url)
-  try:
-    return True, subprocess.check_output(
-      quic_client_command.split(), stderr=subprocess.STDOUT)
-  except subprocess.CalledProcessError as e:
-    return False, e.output
 def getPluginParameterDict(software_path, filepath):
  """Load the slapos monitor plugin and returns the configuration used by this plugin.
@@ -4509,104 +4497,6 @@ class TestDefaultMonitorHttpdPort(SlaveHttpFrontendTestCase, TestDataMixin):
      'Listen [%s]:8072' % (self._ipv6_address,) in slave_monitor_conf)
-class TestQuicEnabled(SlaveHttpFrontendTestCase, TestDataMixin):
-  @classmethod
-  def getInstanceParameterDict(cls):
-    return {
-      'domain': 'example.com',
-      'public-ipv4': cls._ipv4_address,
-      'enable-quic': 'true',
-      'port': HTTPS_PORT,
-      'plain_http_port': HTTP_PORT,
-      'mpm-graceful-shutdown-timeout': 2,
-      'kedifa_port': KEDIFA_PORT,
-      'caucase_port': CAUCASE_PORT,
-    }
-  @classmethod
-  def getSlaveParameterDictDict(cls):
-    return {
-      'url': {
-        'url': cls.backend_url,
-        'enable_cache': True,
-      },
-    }
-  # It is known problem that QUIC does not work after sending reload signal,
-  # SIGUSR1, see https://github.com/mholt/caddy/issues/2394
-  @expectedFailure
-  def test_url(self):
-    parameter_dict = self.parseSlaveParameterDict('url')
-    self.assertLogAccessUrlWithPop(parameter_dict)
-    self.assertKedifaKeysWithPop(parameter_dict)
-    self.assertEqual(
-      {
-        'domain': 'url.example.com',
-        'replication_number': '1',
-        'url': 'http://url.example.com',
-        'site_url': 'http://url.example.com',
-        'secure_access': 'https://url.example.com',
-        'public-ipv4': self._ipv4_address,
-      },
-      parameter_dict
-    )
-    result = fakeHTTPSResult(
-      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
-    self.assertEqual(
-      self.certificate_pem,
-      der2pem(result.peercert))
-    self.assertEqualResultJson(result, 'Path', '/test-path')
-    try:
-      j = result.json()
-    except Exception:
-      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
-    self.assertFalse('remote_user' in j['Incoming Headers'].keys())
-    self.assertKeyWithPop('Date', result.headers)
-    self.assertKeyWithPop('Content-Length', result.headers)
-    def assertQUIC():
-      quic_status, quic_result = getQUIC(
-        'https://%s/%s' % (parameter_dict['domain'], 'test-path'),
-        parameter_dict['public-ipv4'],
-        HTTPS_PORT
-      )
-      self.assertTrue(quic_status, quic_result)
-      try:
-        quic_jsoned = quic_result.split('body: ')[2].split('trailers')[0]
-      except Exception:
-        raise ValueError('JSON not found at all in QUIC result:\n%s' % (
-          quic_result,))
-      try:
-        j = json.loads(quic_jsoned)
-      except Exception:
-        raise ValueError('JSON decode problem in:\n%s' % (quic_jsoned,))
-      key = 'Path'
-      self.assertTrue(key in j, 'No key %r in %s' % (key, j))
-      self.assertEqual('/test-path', j[key])
-    assertQUIC()
-    # https://github.com/mholt/caddy/issues/2394
-    # after sending USR1 to Caddy QUIC does not work, check current behaviour
-    caddy_pid = [
-      q['pid'] for q
-      in self.callSupervisorMethod('getAllProcessInfo')
-      if 'frontend_caddy' in q['name']][0]
-    os.kill(caddy_pid, signal.SIGUSR1)
-    # give caddy a moment to refresh its config, as sending signal does not
-    # block until caddy is refreshed
-    time.sleep(2)
-    assertQUIC()
 @skip('New test system cannot be used with failing promises')
 class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
  @classmethod

--- a/software/slapos-sr-testing/buildout.hash.cfg
+++ b/software/slapos-sr-testing/buildout.hash.cfg
@@ -15,4 +15,4 @@
 [template]
 filename = instance.cfg
-md5sum = b21b2a9ac7f027a044a897c6eacbba56
+md5sum = 298bac4a631de3b30593b9a1dcf63e1c
--- a/software/slapos-sr-testing/instance.cfg
+++ b/software/slapos-sr-testing/instance.cfg
@@ -36,7 +36,7 @@ command-line =
  --source_code_path_list={{ ','.join(tests.splitlines()) }}
 environment =
-  PATH={{ buildout['bin-directory'] }}:{{ quic_client_location }}:{{ curl_location }}/bin/:/usr/bin/:/bin
+  PATH={{ buildout['bin-directory'] }}:{{ curl_location }}/bin/:/usr/bin/:/bin
  SLAPOS_TEST_IPV4=${slap-configuration:ipv4-random}
  SLAPOS_TEST_IPV6=${slap-configuration:ipv6-random}
  SLAPOS_TEST_WORKING_DIR=${directory:working-dir}
--- a/software/slapos-sr-testing/software.cfg
+++ b/software/slapos-sr-testing/software.cfg
@@ -8,7 +8,6 @@ extends =
  ../../component/python-cryptography/buildout.cfg
  ../../component/python-mysqlclient/buildout.cfg
  ../../component/python-pynacl/buildout.cfg
-  ../../component/quic_client-bin/buildout.cfg
  ../../component/python-backports-lzma/buildout.cfg
  ../../stack/slapos.cfg
@@ -235,7 +234,6 @@ context =
  key git_location git:location
  key slapos_location slapos-repository:location
  key interpreter eggs:interpreter
-  key quic_client_location quic_client-bin:location
  key curl_location curl:location
  key tests :tests
 tests =