Fix cache config for https origins #6091

Merged
merged 1 commit into from
Aug 13, 2021

rob05c
Member

@rob05c rob05c commented Aug 6, 2021

Fixes cache config for https origins.

There was a bug, that https origins would result in edge remap targets of https://... and corresponding edge parent lines of port=443 and corresponding mid remap sources of https:// ... 443.

Except that Edge-Mid communication has always been HTTP, and the Mid parents are :80, and Mids are listening on 80, and Mids don't have the certificates necessary to serve HTTPS.

So that config resulted in Edges making TLS HTTPS requests to the Mid's port 80. Which should fail, but seems to sometimes succeed, possibly due to Keep-Alives from other requests.

This fixes HTTPS Origins to properly use http://...:80 remaps everywhere. We would like to add internal HTTPS support in the future, but that's a much larger feature. Today, ATC doesn't support that. Moreover, that shouldn't depend on whether the Origin is HTTPS.

The correct bug fix here is to use http and 80 for internal cache communication, regardless of the origin protocol.

Which this fix does.

Includes tests.
Includes changelog.
No docs, no interface change.

Which Traffic Control components are affected by this PR?

  • Traffic Control Cache Config (T3C, formerly ORT)

What is the best way to verify this PR?

Run tests. Generate config with an HTTPS Origin on a Delivery Service that uses mids, verify config is generated to properly use http and port 80 for all internal edge-mid communication.

If this is a bugfix, which Traffic Control versions contained the bug?

Probably all of them.

PR submission checklist

@rob05c rob05c added bug something isn't working as intended cache-config Cache config generation labels Aug 6, 2021
@rob05c rob05c added this to the 6.0.0 milestone Aug 13, 2021
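
The verification step in the PR description above (confirm that an HTTPS origin on a Delivery Service that uses mids still yields http and port 80 internally) can be scripted against generated edge config. The following Go program is an added example, not code from this pull request or from t3c; it assumes standard ATS `remap.config` and `parent.config` syntax, and the hostnames and function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample edge config (hypothetical hosts): ds1 shows the bug, ds3 goes direct to origin.
const sampleParent = `dest_domain=origin.example.test port=443 parent="mid1.example.test:80|1.0" go_direct=false`
const sampleRemap = `map http://edge.ds1.example.test/ https://origin.example.test/
map http://edge.ds2.example.test/ http://origin.example.test:80/
map http://edge.ds3.example.test/ https://direct.example.test/`

// midRouted returns the dest_domain values that parent.config sends to a parent cache.
func midRouted(parentConfig string) map[string]bool {
	domains := map[string]bool{}
	for _, line := range strings.Split(parentConfig, "\n") {
		kv := map[string]string{}
		for _, f := range strings.Fields(strings.SplitN(line, "#", 2)[0]) {
			if p := strings.SplitN(f, "=", 2); len(p) == 2 {
				kv[p[0]] = strings.Trim(p[1], `"`)
			}
		}
		if kv["dest_domain"] != "" && kv["parent"] != "" && kv["go_direct"] != "true" {
			domains[kv["dest_domain"]] = true
		}
	}
	return domains
}

// badInternalRemaps returns "map" lines whose target is fetched via a mid over https or port 443.
func badInternalRemaps(remapConfig, parentConfig string) (bad []string) {
	mids := midRouted(parentConfig)
	for _, line := range strings.Split(remapConfig, "\n") {
		f := strings.Fields(line)
		if len(f) < 3 || f[0] != "map" {
			continue // comments, blank lines and other rule types are not checked
		}
		u, err := url.Parse(f[2])
		if err == nil && mids[u.Hostname()] && (u.Scheme == "https" || u.Port() == "443") {
			bad = append(bad, line)
		}
	}
	return bad
}

func main() {
	fmt.Println(strings.Join(badInternalRemaps(sampleRemap, sampleParent), "\n"))
}
```

An HTTPS remap target whose domain has no parent entry (ds3 in the sample) is not reported, since that request goes straight to the origin rather than to a mid.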
Contributor

@traeak traeak left a comment

This works for the simple delivery service case, although there remains a parent.config entry for https (in addition to http) on the edge.
Sadly this doesn't seem to work for the MSO case. There doesn't seem to be a way to mark a server as priority https and trying to change the dummy origin to https didn't seem to do anything.

Update: cleaned things out, rebuilt t3c package again and this time the parent.config for the edge looks good.

@rob05c
Member Author

rob05c commented Aug 13, 2021

> Sadly this doesn't seem to work for the MSO case. There doesn't seem to be a way to mark a server as priority https and trying to change the dummy origin to https didn't seem to do anything.

It doesn't add the ability to HTTPS MSO, no. That'll take more work (which is on our short list FWIW).

But it should make MSO correctly use http for edge--mid communication, even if the MSO DS OrgServerFQDN field is https (which I think is a bug regardless of MSO, and I think this fixes for both non-MSO and MSO).

> This works for the simple delivery service case, although there remains a parent.config entry for https (in addition to http) on the edge.

I'm looking into this now. I don't think it breaks anything, but it's definitely not ideal. I'll try to find and fix.

@mitchell852 mitchell852 merged commit 9a96b60 into apache:master Aug 13, 2021