Mercurial > hg > nginx-tests
annotate proxy_protocol_unix.t @ 1974:b5036a0f9ae0
Tests: improved compatibility when using recent "openssl" app.
Starting with OpenSSL 3.0, "openssl genrsa" generates encrypted keys
in PKCS#8 format instead of previously used PKCS#1 format. Further,
since OpenSSL 1.1.0 such keys are using PBKDF2 hmacWithSHA256.
Such keys are not supported by old SSL libraries, notably by OpenSSL
before 1.0.0 (OpenSSL 0.9.8 only supports hmacWithSHA1) and by BoringSSL
before May 21, 2019 (support for hmacWithSHA256 was added in 302a4dee6c),
and trying to load such keys into nginx compiled with an old SSL library
results in "unsupported prf" errors.
To facilitate testing with old SSL libraries, keys are now generated
with "openssl genrsa -traditional" if the flag is available.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 06 May 2024 00:04:26 +0300 |
parents | f89ff07b6ac0 |
children |
rev | line source |
---|---|
1644
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for haproxy protocol with unix socket. |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use Test::Nginx::Stream; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 ############################################################################### |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDERR; $| = 1; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDOUT; $| = 1; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 my $t = Test::Nginx->new() |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 ->has(qw/http realip stream stream_realip stream_return unix/) |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 ->plan(5); |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 $t->write_file_expand('nginx.conf', <<'EOF'); |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 %%TEST_GLOBALS%% |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 daemon off; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 events { |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 } |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 http { |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 %%TEST_GLOBALS_HTTP%% |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 server { |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 listen unix:%%TESTDIR%%/unix.sock proxy_protocol; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 server_name localhost; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 add_header X-IP $remote_addr; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 add_header X-PP $proxy_protocol_addr; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 real_ip_header proxy_protocol; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 location / { } |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 location /pp { |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 set_real_ip_from unix:; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 error_page 404 =200 /t; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 } |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 } |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 } |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 stream { |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 %%TEST_GLOBALS_STREAM%% |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 server { |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 listen unix:%%TESTDIR%%/unix1.sock proxy_protocol; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 return $remote_addr:$proxy_protocol_addr; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 } |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 server { |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 listen unix:%%TESTDIR%%/unix2.sock proxy_protocol; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 return $remote_addr:$proxy_protocol_addr; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 set_real_ip_from unix:; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 } |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 server { |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 listen 127.0.0.1:8080; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 proxy_pass unix:%%TESTDIR%%/unix.sock; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 proxy_protocol on; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 } |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 server { |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 listen 127.0.0.1:8081; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 proxy_pass unix:%%TESTDIR%%/unix1.sock; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 proxy_protocol on; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 } |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 server { |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 listen 127.0.0.1:8082; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 proxy_pass unix:%%TESTDIR%%/unix2.sock; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 proxy_protocol on; |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 } |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 } |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 EOF |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 $t->write_file('t', 'SEE-THIS'); |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 $t->run(); |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 ############################################################################### |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 my $r = http_get('/t'); |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 like($r, qr/X-IP: unix/, 'remote_addr'); |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 like($r, qr/X-PP: 127.0.0.1/, 'proxy_protocol_addr'); |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 $r = http_get('/pp'); |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 like($r, qr/X-IP: 127.0.0.1/, 'remote_addr realip'); |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 # listen proxy_protocol in stream |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 is(get(8081), 'unix::127.0.0.1', 'stream proxy_protocol'); |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 is(get(8082), '127.0.0.1:127.0.0.1', 'stream proxy_protocol realip'); |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 ############################################################################### |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 sub get { |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 Test::Nginx::Stream->new(PeerPort => port(shift))->read(); |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 } |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 |
f89ff07b6ac0
Tests: proxy_protocol tests with unix socket.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 ############################################################################### |