Added SSL/HTTPS tests
This commit is contained in:
parent
f294582ae8
commit
1d0a5d9194
4 changed files with 178 additions and 0 deletions
24
test/lib/ssl/nginx-proxy.bats.crt
Normal file
24
test/lib/ssl/nginx-proxy.bats.crt
Normal file
|
@ -0,0 +1,24 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIID7TCCAtWgAwIBAgIJAOGkf5EnexJVMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD
|
||||
VQQGEwJVUzERMA8GA1UECAwIVmlyZ2luaWExDzANBgNVBAcMBlJlc3RvbjERMA8G
|
||||
A1UECgwIRmFrZSBPcmcxGzAZBgNVBAMMEioubmdpbngtcHJveHkuYmF0czEpMCcG
|
||||
CSqGSIb3DQEJARYad2VibWFzdGVyQG5naW54LXByb3h5LmJhdHMwHhcNMTYwNDIw
|
||||
MTUzOTUxWhcNMjYwNDE4MTUzOTUxWjCBjDELMAkGA1UEBhMCVVMxETAPBgNVBAgM
|
||||
CFZpcmdpbmlhMQ8wDQYDVQQHDAZSZXN0b24xETAPBgNVBAoMCEZha2UgT3JnMRsw
|
||||
GQYDVQQDDBIqLm5naW54LXByb3h5LmJhdHMxKTAnBgkqhkiG9w0BCQEWGndlYm1h
|
||||
c3RlckBuZ2lueC1wcm94eS5iYXRzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||
CgKCAQEA0Amkj3iaQn8Z2CW6n24zSuWu2OoLCkHZAk8eprkI4kKoPBvjusynkm8E
|
||||
phq65jebToHoldfuQ0wM61DzhD15bHwS3x9CrOVbShsmdnGALz+wdR0/4Likx50I
|
||||
YZdecTOAlkoZudnX5FZ4ngOxjqcym7p5T8TrSS97a0fx99gitZY0p+Nu2tip4o3t
|
||||
WBMs+SoPWTlQ1SrSmL8chC8O2knyBl/w1nHmDnMuR6FGcHdhLncApw9t5spgfv7p
|
||||
OrMF4tQxJQNk10TnflmEMkGmy+pfk2e0cQ1Kwp3Nmzm7ECkggxxyjU3ihKiFK+09
|
||||
8aSCi7gDAY925+mV6LZ5oLMpO3KJvQIDAQABo1AwTjAdBgNVHQ4EFgQU+NvFo37z
|
||||
9Dyq8Mu82SPtV7q1gYQwHwYDVR0jBBgwFoAU+NvFo37z9Dyq8Mu82SPtV7q1gYQw
|
||||
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAI1ityDV0UsCVHSpB2LN+
|
||||
QXlk8XS0ACIJ8Q0hbOj3BmYrdAVglG4P6upDEueaaxwsaBTagkTP8nxZ9dhfZHyZ
|
||||
5YLNwYsiG5iqb8e0ecHx3uJT/0YiXn/8rBvxEZna4Fl8seGdp7BjOWUAS2Nv8tn4
|
||||
EJJvRdfX/O8XgPc95DM4lwQ/dvyWmavMI4lnl0n1IQV9WPGaIQhYPU9WEQK6iMUB
|
||||
o1kx8YbOJQD0ZBRfqpriNt1/8ylkkSYYav8QT9JFvQFCWEvaX71QF+cuOwC7ZYBH
|
||||
4ElXwEUrYBHKiPo0q0VsTtMvLh7h/T5czrIhG/NpfVJPtQOk8aVwNScL3/n+TGU8
|
||||
6g==
|
||||
-----END CERTIFICATE-----
|
28
test/lib/ssl/nginx-proxy.bats.key
Normal file
28
test/lib/ssl/nginx-proxy.bats.key
Normal file
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDQCaSPeJpCfxnY
|
||||
JbqfbjNK5a7Y6gsKQdkCTx6muQjiQqg8G+O6zKeSbwSmGrrmN5tOgeiV1+5DTAzr
|
||||
UPOEPXlsfBLfH0Ks5VtKGyZ2cYAvP7B1HT/guKTHnQhhl15xM4CWShm52dfkVnie
|
||||
A7GOpzKbunlPxOtJL3trR/H32CK1ljSn427a2Knije1YEyz5Kg9ZOVDVKtKYvxyE
|
||||
Lw7aSfIGX/DWceYOcy5HoUZwd2EudwCnD23mymB+/uk6swXi1DElA2TXROd+WYQy
|
||||
QabL6l+TZ7RxDUrCnc2bObsQKSCDHHKNTeKEqIUr7T3xpIKLuAMBj3bn6ZXotnmg
|
||||
syk7com9AgMBAAECggEAa7wCp3XqVPNjW+c1/ShhkbDeWmDhtL8i9aopkmeSbTHd
|
||||
07sRtQQU56Vsf+Sp010KpZ5q52Z6cglpS1eRtHLtdbvPPhL/QXBJVVg4E/B1VIKk
|
||||
DBJIqUSVuPXeiEOOWgs01R+ssO1ae1o4foQlKF33vGPWPPQacL0RKh6I9TPNzcD7
|
||||
n4rujlHk72N/bNydyK2rnyKB4vAI5TbZPLps+Xe123CmgZnW3JClcWV9B4foRmiu
|
||||
a5Iq1WYAK2GYKbYwgqDRyYBC27m91a7U31pE4GQD+xQdlz6kcOlCU5hAcPK3h7j0
|
||||
fLQqn8g+YAtc0nBKKB4NZe3QEzTiVMorT0VitxI71QKBgQDnirardZaXOFzYGzB3
|
||||
j+FGB9BUW54hnHr5BxOYrfmEJ5umJjJWaGupfYrQsPArrJP1//WbqVZIPvdQParD
|
||||
mQhLmSp1r/VNzGB6pISmzU1ZGDHsmBxYseh366om5YBQUFU2vmbil9VkrkM4fsJG
|
||||
tcS9V/nVY/EM7Yp3PzjfLlhC1wKBgQDmA1YJmnZvIbLp3PoKqM69QiCLKztVm7nX
|
||||
xpu3b3qbXEzXkt2sP5PHmr+s13hOPQFKRJ2hk4UN9WqpnFoHw5E5eWWhSa/peUZm
|
||||
r10Y5XspiFtRHHiu6ABXB49eB4fen+vHEZHKyRJ4rFthKjjBHdNPC8bmwnT3jE85
|
||||
/8a26FLZiwKBgQDXEi8JZslBn9YF2oOTm28KCLoHka551AsaA+u892T8z3mxxGsf
|
||||
fhD7N6TYonIEb2Jkr6OpOortwqcgvpc+5oghCJ27AX2fDUdUxDp/YdYF+wZsmQJD
|
||||
lMW1lo7PYIBmmaf9mLCiq5xIz+GauYul+LNNmUl0YEgI1SC4EV63WCodswKBgDMX
|
||||
GJxHd/kVViVGFTAa8NjvAEWJU8OfNHduQRZMp8IsjVDw6VYiRRP4Fo0wyyMtv8Sc
|
||||
WxsRpmNEWO3VsdW5pd9LTLy3nmBQtMeIOjiWeHXwOMBaf5/yHmk2X6z2JULY6Mkt
|
||||
6OFPKlAtkJqTg0m58z7Ckeqd1NdLjimG27+y+PwjAoGAFt0cbC1Ust2BE6YEspSX
|
||||
ofpAnJsyKrbF9iVUyXDUP99sdqYQfPJ5uqPGkP59lJGkTLtebuitqi6FCyrsT6Fq
|
||||
AWLiExbqebAqcuAZw2S+iuK27S4rrkjVGF53J7vH3rOzCBUXaRx6GKfTjUqedHdg
|
||||
9Kw+LP6IFnMTb+EGLo+GqHs=
|
||||
-----END PRIVATE KEY-----
|
109
test/ssl.bats
Normal file
109
test/ssl.bats
Normal file
|
@ -0,0 +1,109 @@
|
|||
#!/usr/bin/env bats
|
||||
load test_helpers
|
||||
SUT_CONTAINER=bats-nginx-proxy-${TEST_FILE}
|
||||
|
||||
function setup {
|
||||
# make sure to stop any web container before each test so we don't
|
||||
# have any unexpected contaiener running with VIRTUAL_HOST or VIRUTAL_PORT set
|
||||
stop_bats_containers web
|
||||
}
|
||||
|
||||
|
||||
@test "[$TEST_FILE] start a nginx-proxy container" {
|
||||
run nginxproxy $SUT_CONTAINER -v /var/run/docker.sock:/tmp/docker.sock:ro -v $(pwd)/lib/ssl:/etc/nginx/certs:ro
|
||||
assert_success
|
||||
docker_wait_for_log $SUT_CONTAINER 9 "Watching docker events"
|
||||
}
|
||||
|
||||
@test "[$TEST_FILE] test SSL for VIRTUAL_HOST=*.nginx-proxy.bats" {
|
||||
# WHEN
|
||||
prepare_web_container bats-ssl-hosts-1 "80 443" -e VIRTUAL_HOST=*.nginx-proxy.bats
|
||||
dockergen_wait_for_event $SUT_CONTAINER start bats-ssl-hosts-1
|
||||
sleep 1
|
||||
|
||||
# THEN
|
||||
assert_301 test.nginx-proxy.bats
|
||||
assert_200_https test.nginx-proxy.bats
|
||||
}
|
||||
|
||||
@test "[$TEST_FILE] test HTTPS_METHOD=nohttp" {
|
||||
# WHEN
|
||||
prepare_web_container bats-ssl-hosts-1 "80 443" -e VIRTUAL_HOST=*.nginx-proxy.bats -e HTTPS_METHOD=nohttp
|
||||
dockergen_wait_for_event $SUT_CONTAINER start bats-ssl-hosts-1
|
||||
sleep 1
|
||||
|
||||
# THEN
|
||||
assert_503 test.nginx-proxy.bats
|
||||
assert_200_https test.nginx-proxy.bats
|
||||
}
|
||||
|
||||
@test "[$TEST_FILE] test HTTPS_METHOD=noredirect" {
|
||||
# WHEN
|
||||
prepare_web_container bats-ssl-hosts-1 "80 443" -e VIRTUAL_HOST=*.nginx-proxy.bats -e HTTPS_METHOD=noredirect
|
||||
dockergen_wait_for_event $SUT_CONTAINER start bats-ssl-hosts-1
|
||||
sleep 1
|
||||
|
||||
# THEN
|
||||
assert_200 test.nginx-proxy.bats
|
||||
assert_200_https test.nginx-proxy.bats
|
||||
}
|
||||
|
||||
|
||||
@test "[$TEST_FILE] stop all bats containers" {
|
||||
stop_bats_containers
|
||||
}
|
||||
|
||||
|
||||
# assert that querying nginx-proxy with the given Host header produces a `HTTP 200` response
|
||||
# $1 Host HTTP header to use when querying nginx-proxy
|
||||
function assert_200 {
|
||||
local -r host=$1
|
||||
|
||||
run curl_container $SUT_CONTAINER / --head --header "Host: $host"
|
||||
assert_output -l 0 $'HTTP/1.1 200 OK\r'
|
||||
}
|
||||
|
||||
# assert that querying nginx-proxy with the given Host header produces a `HTTP 503` response
|
||||
# $1 Host HTTP header to use when querying nginx-proxy
|
||||
function assert_503 {
|
||||
local -r host=$1
|
||||
|
||||
run curl_container $SUT_CONTAINER / --head --header "Host: $host"
|
||||
assert_output -l 0 $'HTTP/1.1 503 Service Temporarily Unavailable\r'
|
||||
}
|
||||
|
||||
# assert that querying nginx-proxy with the given Host header produces a `HTTP 503` response
|
||||
# $1 Host HTTP header to use when querying nginx-proxy
|
||||
function assert_301 {
|
||||
local -r host=$1
|
||||
|
||||
run curl_container $SUT_CONTAINER / --head --header "Host: $host"
|
||||
assert_output -l 0 $'HTTP/1.1 301 Moved Permanently\r'
|
||||
}
|
||||
|
||||
# assert that querying nginx-proxy with the given Host header produces a `HTTP 200` response
|
||||
# $1 Host HTTP header to use when querying nginx-proxy
|
||||
function assert_200_https {
|
||||
local -r host=$1
|
||||
|
||||
run curl_container_https $SUT_CONTAINER / --head --header "Host: $host"
|
||||
assert_output -l 0 $'HTTP/1.1 200 OK\r'
|
||||
}
|
||||
|
||||
# assert that querying nginx-proxy with the given Host header produces a `HTTP 503` response
|
||||
# $1 Host HTTP header to use when querying nginx-proxy
|
||||
function assert_503_https {
|
||||
local -r host=$1
|
||||
|
||||
run curl_container_https $SUT_CONTAINER / --head --header "Host: $host"
|
||||
assert_output -l 0 $'HTTP/1.1 503 Service Temporarily Unavailable\r'
|
||||
}
|
||||
|
||||
# assert that querying nginx-proxy with the given Host header produces a `HTTP 503` response
|
||||
# $1 Host HTTP header to use when querying nginx-proxy
|
||||
function assert_301_https {
|
||||
local -r host=$1
|
||||
|
||||
run curl_container_https $SUT_CONTAINER / --head --header "Host: $host"
|
||||
assert_output -l 0 $'HTTP/1.1 301 Moved Permanently\r'
|
||||
}
|
|
@ -74,6 +74,23 @@ function curl_container {
|
|||
http://$(docker_ip $container)${path}
|
||||
}
|
||||
|
||||
# Send a HTTPS request to container $1 for path $2 and
|
||||
# Additional curl options can be passed as $@
|
||||
#
|
||||
# $1 container name
|
||||
# $2 HTTPS path to query
|
||||
# $@ additional options to pass to the curl command
|
||||
function curl_container_https {
|
||||
local -r container=$1
|
||||
local -r path=$2
|
||||
shift 2
|
||||
docker run --label bats-type="curl" appropriate/curl --silent \
|
||||
--connect-timeout 5 \
|
||||
--max-time 20 \
|
||||
--insecure \
|
||||
"$@" \
|
||||
https://$(docker_ip $container)${path}
|
||||
}
|
||||
|
||||
# start a container running (one or multiple) webservers listening on given ports
|
||||
#
|
||||
|
|
Reference in a new issue