Mercurial > hg > nginx-tests
annotate upstream_zone_ssl.t @ 931:bf86f9ad0c23
Tests: proxy_cache_bypass TODO adjusted.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 20 May 2016 22:50:37 +0300 |
parents | f3434de79a7f |
children | e9064d691790 |
rev | line source |
---|---|
560
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for upstream zone with ssl backend. |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 BEGIN { use FindBin; chdir($FindBin::Bin); } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 use lib 'lib'; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 use Test::Nginx; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 ############################################################################### |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 select STDERR; $| = 1; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 select STDOUT; $| = 1; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 my $t = Test::Nginx->new()->has(qw/http proxy http_ssl upstream_zone/) |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 ->has_daemon('openssl')->write_file_expand('nginx.conf', <<'EOF'); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 %%TEST_GLOBALS%% |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 daemon off; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 events { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 http { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 %%TEST_GLOBALS_HTTP%% |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 upstream u { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 zone u 32k; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 server 127.0.0.1:8081; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 upstream u2 { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 zone u; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 server 127.0.0.1:8081 backup; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 server 127.0.0.1:8082 down; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 server { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 listen 127.0.0.1:8081 ssl; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 ssl_certificate_key localhost.key; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 ssl_certificate localhost.crt; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 ssl_session_cache builtin; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 location / { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 add_header X-Session $ssl_session_reused; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 server { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 listen 127.0.0.1:8080; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 server_name localhost; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 proxy_ssl_session_reuse off; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 location /ssl_reuse { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 proxy_pass https://u/; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 proxy_ssl_session_reuse on; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 location /ssl { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 proxy_pass https://u/; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 location /backup_reuse { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 proxy_pass https://u2/; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 proxy_ssl_session_reuse on; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 location /backup { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 proxy_pass https://u2/; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 EOF |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 $t->write_file('openssl.conf', <<EOF); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 [ req ] |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 default_bits = 2048 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 encrypt_key = no |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 distinguished_name = req_distinguished_name |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 [ req_distinguished_name ] |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 EOF |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 $t->write_file('index.html', ''); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 my $d = $t->testdir(); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 foreach my $name ('localhost') { |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 system('openssl req -x509 -new ' |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 . "-config '$d/openssl.conf' -subj '/CN=$name/' " |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 . "-out '$d/$name.crt' -keyout '$d/$name.key' " |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 . ">>$d/openssl.out 2>&1") == 0 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 or die "Can't create certificate for $name: $!\n"; |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 } |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 $t->try_run('no upstream zone')->plan(8); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 ############################################################################### |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 like(http_get('/ssl'), qr/200 OK.*X-Session: \./s, 'ssl'); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 like(http_get('/ssl'), qr/200 OK.*X-Session: \./s, 'ssl 2'); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: \./s, 'ssl reuse session'); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 like(http_get('/ssl_reuse'), qr/200 OK.*X-Session: r/s, 'ssl reuse session 2'); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 like(http_get('/backup'), qr/200 OK.*X-Session: \./s, 'backup'); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 like(http_get('/backup'), qr/200 OK.*X-Session: \./s, 'backup 2'); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 like(http_get('/backup_reuse'), qr/200 OK.*X-Session: \./s, 'backup reuse'); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 like(http_get('/backup_reuse'), qr/200 OK.*X-Session: r/s, 'backup reuse 2'); |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 |
f3434de79a7f
Tests: upstream zone tests with ssl backend.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 ############################################################################### |